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What's  hot  in  open  source? 

Our  picks  for  10  open  source  companies  to  watch  are  offer¬ 
ing  tools  that  help  you  do  everything  from  mobile  device 
management  to  data  integration  and  virtualization.  Page  14. 
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I  CLEAR  CHOICE  IQ 


VMware  edges  out  Microsoft  in  virtualization 
performance  test 

VMware’s  ESX  hypervisor  is  generally  faster, 
except  when  Microsoft’s  Hyper-V  is  using 
special  SUSE  Linux  drivers.  Page  42. 


used  computer  gear 

IBM,  others  buying  up 
equipment,  leasing  it 
back  to  financial 
institutions.  Page  12. 


Virtualization  tools 
bulk  up  user's  data 
center 


Hosting  provider 
RackForce  Networks 
has  rolled  out 
Microsoft  Hyper-V  to 
bolster  its  business 
by  offering  speedy, 
on-the-spot  scalabil¬ 
ity.  Page  48. 


Your  Take  on 
green  IT 


Deloitte 

CIO 

Larry 

Quinlan 

says 

being 

green  is 


Quinlan 


just  part  of  running 
an  efficient  IT  shop, 
while  EBSCO 
Publishing  CIO 
Michael  Gorrell  says 
his  out¬ 
fit's 
green 
initia¬ 
tives  are 
key  to 
handling 
major 

business  and  data 
storage  growth. 

Page  28. 


WLANs  face 

scaling 

challenges 

BY  JOHN  COX 

Philippe  Hanset  is  wondering 
about  the  intersection  of  the 
Slingbox  and  the  campuswide 
wireless  LAN  at  the  University  of 
Tennessee  at  Knoxville,  where 
he’s  IT  manager. 

A  vendor  has  been  industri¬ 
ously  selling  the  Slingbox  to  in¬ 
coming  students,  who  set  them 
up  in  their  dorm  rooms  where 
they  have  cable  TV  service.  The 
resulting  WLAN  then  lets  them 
stream  TV  programs  to  their 
notebooks  anywhere  on  cam¬ 
pus.  Imagine  a  hit  like  ‘American 
Idofstreaming  wirelessly  to  hun¬ 
dreds  of  student  notebooks. 

“This  could  be  challenging,” 
Hanset  says  mildly 
The  development  is  typical  of 
the  new  scaling  challenges  fac¬ 
ing  WLAN  administrators  as 
WLANs  continue  to  grow  in  size, 
in  number  of  users  and  as  they 
are  called  on  to  support  more 
demanding  applications.  With 
big  WLAN  deployments,  higher 
education  is  a  kind  of  ground 
zero  for  many  of  these  issues. 

Early  WLAN  owners  focused 
on  increasing  the  number  of  ac¬ 
cess  points  to  cover  a  given  area. 
But  today  many  wireless  admin¬ 
istrators  are  focusing  more  atten¬ 
tion  on  scaling  capacity 
That  focus  is  a  broad  one, 
See  Wireless,  page  16 


EXCLUSIVE  TEST 


Cisco  Nexus  switch 
lives  up  to  billing 


BY  DAVID  NEWMAN, 

NETWORK  WORLD  LAB  ALLIANCE 

Building  a  big  data  center  and  looking  for  a 
switch  to  match?  How  do  256  10  Gigabit  Ethernet 
ports  and  nearly  1.7  terabits  of  capacity  sound? 

That’s  what  Cisco  is  offering  with  its  brand-new 
Nexus  7000  Series  data  center  switches.  Intending 
these  boxes  to  be  a  data-center  mainstay  for  the 
next  decade,  Cisco  has  constructed  the  Nexus 
switches  to  be  far  larger  than  its  current  high-end 
products. 

Indeed,  this  exclusive  Network  World 
Clear  Choice  Test  was  the  biggest  we’ve 
ever  conducted.  Cisco’s  engineers  told  us 
they  too  had  never  before  tested  at  this 

See  Cisco,  page  20 


Giant  switch 
wins  high 
marks  for 
uptime, 
resiliency. 


FRANK  STOCKTON 


■  Industry 
launches  counter¬ 
attack  usin 
forensics,  "  JB 
biometrics, 
analytics  to  weed 
out  cer  cheats. 


Your  potential.  Our  passion. 

Microsoft 


fighting  ancient  warriors,  easy. 
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1.  Alert  the  mailroom. 

Tell  them  to  refuse  delivery  of  huge,  crudely  built  wooden  horses. 
If  one  slips  through,  simply  return  to  sender. 
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2.  Mop  'em. 

A  dirty  mop — the  dirtier  the  better — thrust  face-ward  is 
really  gross.  Who  knows  where  that  mop's  been? 
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3.  Use  what's  at  hand. 

A  garbage  can,  dumped  over  the  head  of  a  Warrior,  will  disable 
him  to  painful  and  hilarious  effect. 
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4,  Unleash  the  Trojan  teddy  bear.  44 

Fight  their  giant  phony  gift  filled  with  Warriors  with  ((  fs 
one  of  your  own.  Finding  Warriors  is  tough,  but 
not  impossible.  1 
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5.  Summon  the  power  of  Olympus. 

Ancient  Warriors  are  not  going  to  mess  with  the  power  of  Zeus. 
Use  this  (and  a  fake  beard)  to  your  advantage. 


6.  The  burrito  grande  of  death. 

Eating  a  big  lunch  makes  most  people  useless  and  sleepy  in  the  after¬ 
noon,  and  Ancient  Warriors  are  no  different.  Order  the  nachos,  too. 


1.  Implement  Microsoft  Forefront? 

Forefront  makes  defending  your  systems  easier.  It's  a  comprehensive,  simple- 
to-use,  integrated  family  of  products  that  helps  provide  protection  across  your 
client,  server,  and  network  edge.  For  case  studies,  free  trials,  demos,  and  all 
the  latest  moves,  visit  easyeasier.com 

Forefront  is  business  security  software  for  client,  server,  and  the  network  edge. 


ALTERNATIVE  THINKING  ABOUT  SERVER  MANAGEMENT: 


ave  to 


The  HP  ProLiant  DL385  G5  Server,  featuring  efficient  Quad-Core  AMD  Opteron™  processors,  lets  you  manage  it  from  your  office  in 
San  Diego  while  it  sits  in  Boston.  Remote  Management  (iL02)  lets  you  control,  reboot  and  troubleshoot  from  practically  anywhere, 
even  when  the  server  is  off. 


Technology  for  better  business  outcomes. 


AMD  ft 

Opteron 


64 


HP  ProLiant  DL385  G5 


si  mi 


lease  for  as  low  as  $54/mo'  for  48  months 


Smart 


(PN:  464211-005) 


•  2  Quad-Core  AMD  Opteron™  processors 

•  Supports  small  form  factor,  high-performance 
SAS  or  low-cost  SATA  hard  drives 

•  Redundant  Power 

•  Integrated  lights-Out  (iL02),  Systems 
Insight  Manager,  SmartStart 

Get  More: 

Smart  24x7,  4  hour  response,  3  years 
(PN:  UE894E)  $689 

Smart  Add  2  GB  additional  memory 
(PN:  408851-S21)  $159 


mm 


lease  for  as  low  as  $39/mo'  for  48  months 
Smart  (PN:  AG739A) 

*  400  GB  compressed  capacity  in  half-height 
form  factor 

•  Ships  with  Data  Protector  Express  Software, 
One  Button  Disaster  Recovery,  a  1U 
Rackmount  Kit,  and  a  Host  Bus  Adapter 


10,000,000  I.T.  folks  can't  be  wrong. 

To  learn  more,  call  1-888-226-6653  or  visit  hp.com/go/dependablel7 


Prices  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient’s  address. 
Offers  cannot  be  combined  with  any  other  offer  or  discount  and  are  good  while  supplies  last.  All  featured  offers  available  in  U.S.  only.  Savings  based  on  HP  published  list  prices  of  configure-to-order 
equivalent  ($3125  -  $850  instant  savings  =  SmartBuy  price  of  $2,275).  1.  Financing  available  through  Hewlett-Packard  Financial  Services  Company  (HPFS)  to  qualified  commercial  customers  in 
the  U.S  and  subject  to  credit  approval  and  execution  of  standard  HPFS  documentation.  Prices  shown  are  based  on  a  lease  of  48  months  in  terms  with  a  fair  market  value  purchase  option  at  the 
end  of  the  term.  Rates  based  on  an  original  transaction  size  between  $3,000  and  $25,000.  Other  rates  apply  for  other  terms  and  transaction  sizes.  Financing  available  on  transactions  greater  than 
$349  through  September  30. 2008.  HPFS  reserves  the  right  to  change  or  cancel  these  programs  at  any  time  without  notice.  AMD,  the  AMD  Arrow  logo,  AMD  Opteron,  and  combinations  thereof  are 
trademarks  of  Advanced  Micro  Devices,  Inc.  (c)  2008  Hewlett-Packard  Development  Company,  L.P.  The  information  contained  herein  Is  subject  to  change  without  notice. 
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COOLTOOLS 


■  Roku  lets  you 
watch  Netflix  through  your  TV  rather 
than  DVD  player.  See  Cool  Tools, 
page  36. 


TECH  UPDATE 


25  Securing  virtualized  data  centers. 

36  Mark  Gibbs:  Reader  feedback  and 
Linux  distros. 

36  Keith  Shaw:  Netflix  box  rocks,  but 
where’s  the  content? 


SERVICE  PROVIDERS 

24  Opinion  Scott  Bradner:The  last 
pre-Internet  Olympics? 

24  Opinion  Johna  Till  Johnson:The 

many  modes  of  communication. 

50  Opinion  Compendium:  In-flight 
VoIP  no  mere  Flash  in  the  pan. 


NETWORKWORLD.COM 

8  Catch  up  on  the  latest  online  stories, 
blogs,  newsletters  and  videos. 

■  CONTACT  Network  World,  492  Old  Connecticut 
Path,  Framingham,  MA  01701-9002;  Phone:  (508)  766- 
5301;  E-mail:  nwnews@nww.com;  ■  REPRINTS:  (717) 
399-1900;  ■  SUBSCRIPTIONS:  Phone  (508)  820-8117; 
E-mail:  nwcirc@nww.com;  URL:  www.subscribenw.com 


INSIDE  THE 

HIDDEN  WO 
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Industry 
launches  counter¬ 
attack  using 
forensics, 
biometrics, 
analytics  to  weed 
out  cert  cheats. 


GOODBADUGLY 

Play  ball!  Again. 

And  again. 

The  era  of  using 
video  replays  to 
sort  out  disputed 
home-run  calls 
started  in  Major 
League  Baseball  last 
week,  and  networking  will  play  a  key 
role  in  supporting  the  system.  “A  tele¬ 
vision  monitor  and  a  secure  telephone 
link  to  MLB.com  [offices  in  Manhattan], 
placed  next  to  the  monitor,  have  been 
installed  during  the  past  few  weeks  at 
every  Major  League  ballpark,"  a  story 
on  baseball’s  official  Web  site  says. 

Feeling  the  economic  pinch 

U.S.  companies  are  pulling  back  hard 
on  IT  spending  as  the  economic  down¬ 
turn  continues,  a  new  study  by  Change- 
Wave  Research  has  found.The  re¬ 
search  firm  surveyed  1,947  people  (80% 
in  the  United  States)  involved  with  their 
organizations’  IT  spending.  Overall, 

30%  reported  that  third-quarter  IT 
spending  was  lower  than  planned,  an 
increase  of  three  percentage  points 
since  the  firm's  May  survey. 

Computer  problems  in  the  air 
A  network  failure  at  a  Georgia  facility 
of  the  Federal  Aviation  Administration 
was  blamed  for  multiple  flight  delays 
across  the  United  States  lastTuesday, 
including  flights  departing  from  major 
Northeastern  cities.  As  of  Wednesday 
morning,  the  FAA  said  flights  around 
the  country  no  longer  were  being 
delayed  by  what  it  vaguely  described  as 
a  software  glitch  on  an  aging  system. 

P  »LL 

A  snapshot  of  how  networkworld.com 
visitors  voted  on  a  key  networking  issue 
last  week: 

Is  a  college  degree  necessary  to  be  a 
great  IT  professional? 


No,  hands-on 
experience  is 
the  only  thing 
that  matters 
23% - 


Total  voters  for  this  poll:  169 

Vote  and  discuss:  www.nwdocfinder.com/6451 


PEERSAY 


Cloudy  weather 

Re:  Report:  Cloud  computing  poised  for 
enterprise  adoption  (www.nwdocinder.com 
/6426): 

One  thing  30  years  in  the  IT  industry  has 
taught  me  is  that  the  more  things  change, 
the  more  they  stay  the  same.  Another  is  that 
the  only  memory  we  seem  to  access  is  short¬ 
term.  A  third  is  that  techno-marketers  rely  on 
that,  so  they  can  put  labels  like  “revolution¬ 
ary”  and  “innovative”  on  platforms,  products 
and  services  that  are  mere  re-inventions  of 
the  wheel  —  and  often  poor  copies  at  that. 

A  good  example  is  all  the  latest  buzz  about 
“cloud  computing” 
in  general  ancTSaaS” 

(software-as-a-ser- 
vice)  in  particular. 

Both  terms  are 
bogus.  The  only  true 
cloud-computing 
takes  place  in  air¬ 
craft.  What  they’re 
actually  referring  to 
by  “the  cloud”  is  a 
large-scale  and  often  remotely  and/or  cen¬ 
trally  managed  hardware  platform.  We  have 
had  those  since  the  dawn  of  automated  IT. 
IBM  calls  them  “mainframes.” 

Bruce  Arnold 

Discuss  at  www.nwdocfinder.com/6427 


files  in  WinDbg  for  breakfast,  that’s  your 
exam! 

I’m  sure  I’ll  be  rudely  surprised  when  I  get 
the  letter  from  MS,  but  the  test  seemed  easi¬ 
er  to  me  than  my  trying  to  resolve  an 
obscure  hardware  bug  that  has  crashed  my 
Vista  box  every  few  days  since  June.  I  think 
if  I  resolve  it  (no  luck  thus  so  far),  they’ll 
have  to  give  me  the  cert,  because  1  have 
been  around  every  corner  of  Windows  in 
investigating  this  problem. 

David  Moisan 

Discuss  at  www.nwdocfinder.com/6431 

Another  lay¬ 
off  survival  tip 

Re:  20  tips  to  sur¬ 
vive  a  layoff 
(www.nwdoc 
finder.com/6429): 

If  you  have  some 
training  or  certifica¬ 
tions  to  catch  up  on, 
spending  a  half-hour 
a  day  on  that  is  a 
good  exercise.  Having  up-to-date  skills  is 
helpful, and  shows  you  have  energy  and  will 
stay  current. 

Erik  Westgard 

Discuss  at  www.nwdocfinder.com/6430 


**There  is  nothing  stopping 
Joe  Blow  from  becoming  his 
own  certificate  authority  and 
issuing  his  own  certificates, 
signed  by  his  CA.55 


Don’t  byte  off  more  than  you 
can  chew 

Re:  The  1-petabyte  barrier  is  crumbling 
(www.nwdocfinder.com/6428): 

Mark  my  words:  I  will  not  rest  until  even  the 
oddest  petabyte  is  treated  with  complete  par¬ 
ity  There’s  space  for  everyone. 

Now  stop  bit,  all  of  you. 

Jay  Levitt 

Discuss  at  www.nwdocfinder.com/6428 

Speaking  of  certification  . . . 

Re:  Microsoft  is  developing  a  new, super-hard 
certification  test  (www.nwdocfinder.com 
/6431): 

I  took  that  beta  last  month.  If  you  sleep 
with  Russinovich’s  Windows  Internals  book 
every  night  or  if  you  analyze  crash-dump 


SPECIAL  NETWORK  WORLD  FEATURE 


SCAN  THIS  CODE 
with  your  cell 
phone  to  get  the 
latest  IT  network 
news  delivered  to 
your  cellular 
device. 
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Why  not  recognize  DoD 
certifications/ 

Re:  Firefox  SSL-certificate  debate  gets 
gnarly  (www.nwdocfinder.com/6432): 

There  is  nothing  stopping  Joe  Blow  from 
becoming  his  own  certificate  authority  and 
issuing  his  own  certificates,  signed  by  his 
CA.A11  you  need  to  become  your  own  CA  is 
the  ability  to  read  and  use  openssl.The  rea¬ 
son  not  to  trust  ad-hoc  CAs  is  that  this  is  a 
slightly  more  arcane  way  to  spoof  certifi¬ 
cates.  Real  CAs  are  trusted  not  just  because 
it  costs  money  to  get  them,  but  also  because 
they’re  an  independent  agency  ostensibly  in 
the  CA  business. 

MIT  is  an  example  of  an  institution  that  is 
its  own  CA.  I  personally  trust  the  people  who 
set  up  that  CA.The  difference  is,  while  MIT 
does  force  its  affiliates  to  accept  its  CA  to 
use  internal,  special  HTTPS  sites,  it  does  not 
force  those  onto  the  public  sites.  If  any  insti¬ 
tution  can’t  fork  out  $15  for  a  real  cert,  per¬ 
haps  it  should  take  down  its  Web  server  and 
communicate  with  its  customers  via  first- 
class  mail. 

Finally,  there’s  nothing  stopping  you  from 
personally  adding  a  Defense  Department 
CA  to  your  browser  list  of  trusted  CAs.  Feel 
free  to  read  up  on  how  to  do  this  if  you  feel 
so  inclined. 


■  ■  ■■  ■ 

To  get  the  client  "  "  ■  ■  ■  ■ 

software,  use  your  phone  browser  to 
visit  wap.connexto.com 

For  more  information  on  code  scanning 
see  www.nww.com/codescan 


David  Backeberg 

Discuss  at  www.nwdocfinder.com/6433 

E-mail  letters  to  jdix@nww.com  or  send  them 
to  John  Dix,  editor  in  chief,  Network  World,  492 
Old  Connecticut  Path,  Framingham,  MA  01 701- 
9002.  Please  include  phone  number  and  address 
for  verification 
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JUST  RELEASED! 


From  the  Makers  of  Diskeeper 
Introducing... 


Undelete 


with  InvisiTasking  2009 


If  you’ve  never  had  a  frantic  executive  call  you 
in  despair  about  a  file  they  accidently  deleted, 
pleading  with  you  to  recover  it  from  a  black  hole, 
consider  yourself  lucky.  For  the  rest  of  us,  there’s 
Undelete  2009  with  InvisiTasking  technology. 


Undelete  fills  the  critical  gap  in  your  data  protection 
strategy,  ensuring  no  data  is  ever  accidently 
lost— period.  Even  saved  over  versions  of  Microsoft 
Office  files  are  safe.  No  longer  will  users  cry  about 
having  saved  over  their  spreadsheets.  Just  a  few 
clicks  of  the  mouse  and  your  files  are  back.  And 
with  the  Desktop  Client  feature  of  Undelete,  users 
can  recover  their  files  on  their  own— so  you  can 
get  back  to  the  important  stuff,  like  building  out 
your  high-availability  mail  cluster  (or  working  on 
your  golf  swing). 


Real-Time  Protection.  Real-Time  Recovery 

Try  it  free  at  www.undelete.com/network 
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■  Follow  these  links  to  more  resources  online 


I BL0G08PHERE 


■  Upgrading  to  SQL  Server  2008  —  a 
pleasant  surprise!  Brian  Egler  writes  in 
his  SQL  Server  Strategies  blog:  “In  my 
previous  post,  I  was  a  bit  critical  of  the  lat¬ 
est  version  of  the  Upgrade  Advisor.  Well, 
after  going  through  that  painful  process,  I 
proceeded  onto  my  upgrade  from  SQL 
Server  2005  to  2008  using  the  “in-place” 
method.  I  was  pleasantly  surprised  how 
smooth  the  transition  was.  And  everything 
seemed  to  work  after  the  upgrade.  .  .  . 
There  are  a  couple  choices  when  upgrad¬ 
ing:  migration  vs.  in-place  upgrade.  The 
migration  path  allows  you  to  install  a  fresh 
instance  of  the  latest  release  and  then  to 
copy  databases  over  from  the  legacy 
instances  to  the  new  instance.  The  Copy 
Database  Wizard  is  the  easiest  method  to 
use.  However,  Detach/Attach  and  Back¬ 
up/Restore  work  just  as  well.  The  Wizard, 
however,  wins  my  vote  because  it  prompts 
you  to  also  copy  server- level  objects,  such 
as  logins,  which  would  have  to  be  done 
manually  using  the  other  methods.” 
www.nwdocfinder.com/6447 

■  More  specs  revealed  for  first  An¬ 
droid  phone.The  Google  Subnet  blog  re¬ 
ports:  “Drawings  and  specs  for  the  first 
Android  phone,  expected  to  be  available 
for  presale  this  fall,  were  published  by  the 
Android  Guys,  kicking  up  even  more  enthu¬ 
siasm  for  the  first-of-its-kind  phone.  Be¬ 
sides  the  slide-out  QWERTY  keyboard,  the 
new  phone  also  seems  to  have  a  trackball 
and  a  couple  of  other  features  not  previ¬ 
ously  revealed. The  trackball  sits  on  a  tilt  at 
the  bottom  of  the  phone,  making  it  easier  to 
use  (but  probably  more  difficult  to  keep  in 
your  pocket).  The  drawings  also  show  that 
T-Mobile,  the  carrier  for  the  new  phone,  is 
planning  to  display  not  only  Google's  but 
also  phone  maker  HTC's  logo  on  the  back." 
www.nwdocfinder.com/6449 

■  Cisco  gone  wild:  Job  search  best 
practice  guide.  Brad  Reese  writes  in  his 
Brad  Reese  on  Cisco  blog,  “This  is  the 
kickoff  blog  of  Cisco  gone  wild,  a  new  blog 
series  dedicated  to  freeing  precious  gems 
of  information  that  are  hidden  within  the 
Cisco  web  site.  Cisco  has  produced  a 
quality,  16-page  university  course  style 
Job  Search  Best  Practice  Guide.  Although 
it  fails  to  mention  placing  your  desire  to 
relocate  (along  with  your  geographic  pref¬ 
erences)  near  the  top  of  your  resume  (see 
these  infamous  resume  tips),  it  does  men¬ 
tion  the  following:  Recruiters  and  head 
hunters  are  always  on  the  search  to  fill  job 
positions  online  through  job  boards." 
www.nwdocfinder.com/6450 


Roku  Netflix  player 
streams  the  flicks 

Keith  Shaw  tests  the 
Roku  box  for  Netflix 
and  finds  that  the  movie 
selection  is  lacking  but 
theTV-show  archive  is 
excellent. 

www.nwdocfinder.com/6454 


TVs  and  more  in 
Germany 

IDG  News  Service 
reporters  filed  several 
video  segments  from 
the  Berlin  IFA  con¬ 
sumer  electronics  show 
in  Germany.ThinTVs 
seem  to  be  the  rage. 

www.nwdocfinder.com/6455 


Olympic  tech 
winners  and  losers 

As  the  Olympics 
wrapped  up  last  week, 
many  sponsors  bet  big 
budgets  to  show  off 
their  names  in  associa¬ 
tion  with  the  games  — 
but  did  they  win  gold? 

www.nwdocfinder.com/6456 
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NEWSLETTERS 

Roaming  standard  ratified 


Wireless:  The  IEEE  recently  ratified  the  long- 
awaited  802. 1 1  r  standard  for  fast  handoff,  offi¬ 
cially  named  Fast  Basic  Service  Set  Transition. 
802.1  lr,  in  development  for  four  years,  is  a  key 
component  to  solving  the  performance  chal¬ 
lenges  associated  with  VoIP  over  Wi-Fi  in  large- 
scale  networks. 802. 1  lr  reduces  handoff  de¬ 
lays  associated  with  802. IX  authentication  by 
shortening  the  time  it  takes  to  reestablish  con¬ 
nectivity  after  a  client  transitions  from  one 
802.1 1  access  point  to  another  while  roaming. 
A  wireless  VoIP  expert  at  Fblycom  (formerly 
SpectraLink)  explains  how  the  mechanism 
works  to  balance  the  QoS  requirement  for 
very  fast  user  re-authentication  during  roam¬ 
ing  with  802.  lli’s  very  high  standard  security 
levels,  www.nwdocfinder.com/6444 

Tech  exec:  Is  the  exorbitant  price  of  gasoline 
leading  to  an  increase  in  telecommuting?  This 
will  have  a  dramatic  impact  on  IT  as  more 
people  drag  their  laptops  home  or  boot  up 
the  home  PC  to  access  office  applications. 
Managing  a  PC  that’s  not  continuously  con¬ 
nected  to  the  corporate  network  can  be  a 
challenge.These  guidelines  make  sure  all  the 
bases  are  covered.  But  telecommuting  isn’t 
just  a  temporary  response  to  high  fuel  prices. 
In  an  OfficeTeam  survey  of  150  executives 
from  some  of  America’s  largest  companies, 
82%  of  the  managers  said  they  expect  the 
number  of  employees  who  work  remotely  to 


increase  in  the  next  five  years.  Ignoring  the 
security  and  connectivity  needs  of  mobile 
workers  can  put  an  entire  network  at  risk.  All 
it  takes  is  one  PC  with  a  virus  to  cause  havoc. 

www.nwdocfinder.com/6445 

Network  management:  The  challenges  vir¬ 
tualization  presents  IT  managers  are  top-of- 
mind  for  many  vendors  and  industry  organi¬ 
zations. The  Distributed  Management  Task 
Force  (DMTF)  in  September  2007  announced 
the  acceptance  of  a  draft  specification  that 
promised  to  simplify  virtualization  interoper¬ 
ability  security  and  management.  According 
to  a  DMTF  paper  about  the  Open  Virtual¬ 
ization  Format  specification,  the  OVF  “de¬ 
scribes  an  open, secure,  portable,  efficient  and 
extensible  format  for  the  packaging  and  distri¬ 
bution  of  software  to  be  run  in  virtual 
machines  (VM).”The  proposed  format  uses 
existing  packaging  tools  to  combine  one  or 
more  VMs  with  a  standards-based  XML  wrap¬ 
per  that  provides  the  virtualization  platform 
with  a  portable  package  that  includes  installa¬ 
tion  and  configuration  parameters  for  the 
VMs.The  OVF  also  could  help  IT  managers 
understand  how  VMs  have  changed  during 
their  life  cycle.  For  instance,  if  aVM  template  is 
cloned  and  that  clone  has  changed  from  the 
master  template,  managers  need  to  know 
those  changes  to  troubleshoot  VM  perform¬ 
ance  problems  ww.nwdocfinder.com/6446 
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Don't  Push  Your  Luck 
With  Your  Push  To  Talk. 

MAKE  THE  SWITCH  TO  VERIZON  WIRELESS. 

Make  your  business  instantly  more  productive  by  upgrading  to  the  only  Push  to  Talk  service 
that  comes  with  the  Verizon  Wireless  Network  and  its  reliable  voice  service,  coast-to-coast 
coverage  and  24/7  customer  service.  Verizon  Wireless.  The  smart  choice  for  Push  to  Talk. 


Call  1 .800.VZW.4BIZ  Clickverizonwireless.com/pushtotalk  Visit  a  Verizon  Wireless  store 

Push  to  Talk  is  available  only  with  other  VZW  Push  to  Talk  subscribers;  coverage  not  available  everywhere.  Network  details  &  coverage  maps  at  vzw.com.  ©  2008  Verizon  Wireless. 


G'zOne  Boulder" 


motorola 

adventure  v7so 


Let  Verizon  Wireless  be  your  "go-to"guy  for  Push  to  Talk  you  can  count  on. 
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Cisco  strengthens  UC  story 
with  PostPath  buy 

Cisco  is  putting  up  $215  million  for  PostPath  so  it  can  package  the  company’s 
e-mail  and  calendaring  software  as  a  service  and  bundle  it  with  the  instant 
messaging,  wikis  and  document-sharing  capabilities  already  in  the  beta  ver¬ 
sion  of  Cisco’s  upcoming  collaboration  service, WebEx  Connect.The  PostPath  soft¬ 
ware  could  also  become  a  component  in  a  unified  communications  bundle  that 
businesses  buy  outright,  industry  observers  say 


Combining  Cisco  Call  Manager,  WebEx  and 
PostPath  would  make  a  credible  unified  com¬ 
munications  platform,  says  Alex  Lewis,  a 
senior  consultant  at  Convergent  Computing. 
“The  potential  downside  is  that  Cisco  isn’t 
known  as  a  software  company,  and  complet¬ 
ing  the  technology  integration  might  be  chal¬ 
lenging  for  them,”  he  says.The  upsides  are 
PostPath’s  native  compatibility  with  Microsoft 
Outlook  and  its  pricing..”  It  is  the  only  Ex¬ 
change  alternative  that  does  not  require  a 
plug-in  to  work  with  Outlook,  and  its  admin 
and  licensing  costs  tend  to  be  lower  than  for 
Exchange,”  says  Michael  Osterman,  principal 
at  Osterman  Research.  Cisco  expects  to  close 
the  PostPath  deal  by  the  end  of  October. 
www.nwdocfinder.com/6457 

Comcast  sets  monthly  bandwidth  limit 
for  customers.  Broadband  service  pro¬ 
vider  Comcast  will  limit  residential  customers 
to  250GB  of  bandwidth  a  month  beginning 
Oct.  1 ,  the  company  announced  last  week. 
Comcast  will  contact  customers  who  go 
above  the  250GB  limit  and  ask  them  to  cur¬ 
tail  their  use.  If  a  customer  goes  over  the 
monthly  limit  again  during  the  following  six 
months,  Comcast  will  suspend  service  for  a 
year.  Currently  Comcast  contacts  high-band- 
width  customers  and  will  suspend  their 
accounts  if  they  don’t  curb  their  use,  but  it 
has  not  set  a  firm  bandwidth  limit  until  now. 
Earlier  this  month,  the  FCC  struck  down  Com¬ 
cast’s  past  network-management  practice  of 
slowing  BitTorrent  peer-to-peer  traffic  to  re¬ 
duce  congestion. The  FCC  ruled  that  Comcast 
was  violating  net  neutrality  principles  by  tar¬ 
geting  a  certain  kind  of  Internet  traffic. 
www.nwdocfinder.com/6458 

IBM  flash  memory  breaks  1  million  I0PS 
barrier.  IBM  has  claimed  a  major  break¬ 
through  in  flash  storage,  with  a  research  pro¬ 
ject  that’s  delivering  data  transfer  speeds  of 
more  than  1  million  input/output  operations 
per  second.  IBM’s  Project  Quicksilver  com¬ 
bines  solid-state  flash  memory  with  IBM’s 
storage  virtualization  technology  IBM  said  it’s 
two  and  a  half  times  faster  than  its  own  SAN 
Volume  Controller  coupled  with  IBM’s  DS- 
4700  storage/Quicksilver  improved  perform¬ 
ance  by  250%  at  less  than  l/20th  the  re¬ 
sponse  time,  took  up  one-fifth  the  floor  space 


and  required  only  55%  of  the  power  and 
cooling,”  IBM  says.  Quicksilver  also  would  be 
two  and  a  half  times  faster  than  technology 
from  Texas  Memory  Systems,  which  says  it 
has  the  world’s  fastest  storage  with  an  IOPS 
rate  of  400,000.  Quicksilver  is  a  collaboration 
between  engineers  and  researchers  at  the 
IBM  Hursley  development  laboratory  in  Eng¬ 
land  and  IBM’s  Almaden  Research  Center  in 
California,  www.nwdocfinder.com/6459 

EMC  targets  SMBs,  branch  offices.  EMC 

is  targeting  small  businesses  and  branch 
offices  with  a  new  low-end  Celerra  storage 
product. The  Celerra  NX4,  which  can  be 
deployed  in  networked-attached  storage, 
iSCSI,  or  Fibre  Channel  storage-area  network 
systems,  is  ideal  for  consolidating  distributed 


file  servers  and  storage  into  a  single  platform, 
EMC  says.  Highlights  include  thin  provision¬ 
ing,  snapshot  technology  for  data  recovery 
and  backups,  and  a  Web-based  console  that 
automates  management  of  storage  volumes. 
NX4  offers  a  wider  choice  of  networks  and 
systems  than  most  competing  products  tar¬ 
geting  small  and  midsize  businesses,  such  as 
those  from  NetApp,  Dell  and  HP  says  Charles 
King  of  the  Pund-IT  analyst  firm.  But  EMC  is 
still  trying  to  build  a  reputation  as  a  vendor 
for  SMBs,  he  says.“This  is  a  product  that  would 
work  well  for  a  lot  of  small  and  medium-sized 
businesses,  but  those  are  not  the  types  of 
businesses  that  think  about  EMC  as  the  ven¬ 
dor  of  choice,”  King  says.“It  takes  time  to  grow 
name  recognition.” 
www.nwdocfinder.com/6460 

IE  8  hits  Beta  2,  privacy  features  added. 

Microsoft  last  week  released  the  second  beta 
of  Internet  Explorer  8  and  introduced  new 
privacy  features  including  InPrivate  Browsing. 
Designed  to  deletes  traces  of  the  sites  users 


have  visited,  InPrivate  Browsing  opens  a  sepa¬ 
rate  window;  when  closed,  it  deletes  records 
of  cookies,  passwords,  search  queries,  tempo¬ 
rary  Internet  files,  form  data  and  words  typed 
into  the  address  bar.  Some  are  referring  to  the 
feature  as  “porn  mode,”  given  that  it  most  like¬ 
ly  would  be  used  to  try  to  hide  tracks  to  such 
sites.  Microsoft  also  has  added  a  feature  that 
lets  users  selectively  delete  their  browsing  his¬ 
tory  instead  of  having  to  clear  out  the  History 
file  altogether,  which  is  how  IE  7  works.  IE  8 
also  includes  InPrivate  Blocking,  which  pre¬ 
vents  Web  sites  and  content  providers  from 
sharing  information.  IE  8  Beta  2  comes  nearly 
two  years  after  Microsoft  released  IE  7.The 
final  release  of  IE  8  is  expected  to  come  at 
year-end,  although  Microsoft  has  not  set  an 
official  date,  www.nwdocfinder.com/6461 

Dell  profit  falls  as  revenue  grows.  Dell 

posted  a  decline  in  profit  for  its  fiscal  second 
quarter  even  as  its  revenue  grew,  while  eco¬ 
nomic  doldrums  held  down  its  results  in 
some  parts  of  the  world. The  company’s  rev¬ 
enue  grew  1 1%  in  the  quarter  ended  Aug.  1, 
led  by  a  28%  gain  in  the  global  consumer 
business  and  growth  in  laptop  PCs,  which 
brought  in  26%  more  revenue  than  a  year  ear¬ 
lier.  Revenue  in  both  those  categories  was 
down  slightly  from  the  second  quarter,  how¬ 
ever.  Revenue  from  servers  and  network  gear 
increased  5%,  but  Dell  said  that  was  nearly 
twice  the  growth  rate  for  that  industry  seg¬ 
ment.  Dell  reported  net  income  of  $616  mil¬ 
lion,  down  17%  from  $746  million  a  year  earli¬ 
er.  Earnings  per  share  declined  to  $0.31  from 
$0.33. The  PC  and  server  maker  saw  contin¬ 
ued  economic  weakness,  particularly  in  the 
United  States  and  Western  Europe,  said  CFO 
Brian  Gladden  on  a  conference  call  with 
reporters.  For  the  remainder  of  the  year,  Dell 
expects  to  see  continued  conservative  IT 
spending  in  the  United  States,  spreading 
somewhat  to  Europe  and  Asia. 
www.nwdocfinder.com/6462 

Mozilla  Firefox  browser  gets  security 
boost.  Carnegie  Mellon  University  is  making 
available  a  free  add-on  to  Mozilla  Firefox  3.0 
that’s  intended  to  boost  browser  security. 
According  to  the  university  the  Perspectives 
software  not  only  protects  Firefox  users 
against  attacks  that  might  occur  because  of 
the  recently  disclosed  software  flaw  in  the 
DNS,  but  also  defends  against  some  digital- 
certificate  problems  that  crop  up  in  everyday 
use.“When  Firefox  users  click  on  a  Web  site 
that  uses  a  self-signed  certificate,  they  get  a 
security  error  message  that  leaves  many  peo¬ 
ple  bewildered,” said  David  Andersen,  assis¬ 
tant  professor  of  computer  science  at 
Carnegie  Mellon.  Once  Perspectives  is  in¬ 
stalled,  the  browser  can  automatically  over¬ 
ride  the  security  error  page  without  disturb¬ 
ing  the  user  if  the  site  appears  legitimate. 
www.nwdocfinder.com/6463 


10  •  SEPTEMBER  1,  2008  •  www.networkworld.com 


Making  IT  work  as  one.  It's  what  sets  us  apart. 

At  Novell  we're  taking  interoperability  to  a  whole  new  level.  We  believe  every  person,  every 
partner  and  every  piece  ot  your  mixed-IT  world  should  work  as  one.  Our  Enterprise  Linux, 
Security  and  Identity  Management,  Systems  Management  and  Collaboration  solutions 
easily  integrate  with  just  about  any  IT  infrastructure.  So  you  can  lower  cost,  complexity  and 
risk  on  virtually  any  platform  and  make  your  IT  work  as  one. 

www.novell.conn  Novell. 
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Banks  mining  cash  from 
their  computer  gear 


BY  JOHN  FONTANA 

In  another  sign  of  a  tight  economy  even  those 
that  have  the  money  are  getting  creative  with 
their  IT  resources  in  order  to  find  a  little  finan¬ 
cial  wiggle  room. 

Amid  the  credit  crisis  some  banks  are  taking 
their  fixed  IT  assets  —  mostly  hardware  —  and 
clearing  them  off  their  balance  sheets  to  free 
up  dollars  to  help  improve  their  positions, 
according  to  IBM  Global  Financing  (IGF),  the 
company’s  financing  division. 

Here  is  how  it  works.  Banks,  pushed  by  the 
mortgage  implosion  to  clean  up  their  balance 
sheets  and  raise  equity  are  selling  their  IT 
computer  equipment  to  IBM,  which  is  then 
leasing  the  gear  back  to  them  on  a  monthly 
basis.  Banks  are  finding  the  process  a  quick 
way  to  get  at  cash  wrapped  up  in  their  com¬ 
puter  hardware.  While  experts  say  such  a  pro¬ 
gram  is  not  a  financial  panacea,  it  can  be  effec¬ 
tive  as  part  of  an  overall  plan. 


own  it  and  we  write  a  lease,”  says  Dan 
Ransdell,  general  manager  for  client  financ¬ 
ing  with  IGF“It  generates  cash  for  the  bank, 
and  it  gets  their  existing  assets  on  a  technol¬ 
ogy  refresh  cycle.” 

IBM  says  leasing  reduces  upfront  expenses, 
allows  for  low  monthly  payments,  provides 
budgeting  flexibility  and  helps  avoid  product 
obsolescence.  But  leasing  isn’t  for  everyone 
and  takes  some  thorough  cost  analysis  to  dis¬ 
cover  if  it  has  long-term  benefits. 

Today  however,  experts  say  finding  cash  is  the 
driving  force  behind  leaseback.“If  the  reporting 
line  for  the  IT  group  goes  up  to  the  CFO,  the 
CFO  in  most  financial  institutions  today  is  look¬ 
ing  to  raise  capital  or  cash,”  says  Rod 
Nelsestuen,  research  director  in  the  Tower- 
Group’s  financial  strategies  and  IT  investments 
cross-industry  group. 

Nelsestuen  says  he  is  seeing  interest  increase 
in  leasing  options,  but  he  sees  the  trend  as 


generates  cash  for  the  bank  and  it  gets  their 
existing  assets  on  a  technology  refresh  cycle.531 

Dan  Ransdell 

General  manager  for  client  financing  with  IBM  Global  Financing. 


IBM  calls  it  Sale  Leaseback,  and  while  it  is 
not  a  new  service,  the  idea  is  getting  a  work¬ 
out  from  the  financial  services  industry, 
according  to  IBM  and  analysts.  IGF  competes 
in  the  leasing  business  with  HP  Financial  and 
CIT  Group,  which  also  backs  Dell  Financing 
and  Microsoft  Financing. 

IBM  says  its  Sales  Leaseback  business  in  2008 
has  grown  by  three  times  what  it  was  in  2007. 
The  company  however,  does  not  break  out 
those  figures,  but  says  revenue  was  near  $500 
million  for  the  first  half  of  2008.  Gross  profits  for 
IGF  in  2007  were  nearly  $2.2  billion. 

IGF’s  program  for  leasing  new  equipment 
also  is  up  an  unprecedented  31%  from  nor¬ 
mal  patterns  of  low  double-digit  growth,  ac¬ 
cording  to  the  company 
Earlier  this  year,  IBM  officials  say,  the  com¬ 
pany  bought  $200,000  worth  of  gear  from  a  top- 
five  bank  and  is  now  leasing  it  back  to  the  insti¬ 
tution.  IBM  declined  to  name  the  bank, but  said 
it  is  negotiating  a  Sale  Leaseback  with  another 
top  bank  for  $400,000  worth  of  hardware. 

“Their  equipment  doesn’t  change  on  the 
[data  center]  floor,  but  we  come  in  and  pay 
cash  for  the  equipment,  the  equipment 
comes  off  their  balance  sheets,  and  now  we 


short  term  and  driven  by  specific  conditions, 
although  leasing  presents  long-term  value  in 
some  cases,  he  says. 

“By  selling  their  platforms  now,  they  get  the 
cash  upfront,”  Nelsestuen  says,  but  he  says  that 
doesn’t  mean  companies  don’t  pay  the  entire 
price  of  the  hardware  over  time.  “There  is  no 
free  lunch,”  he  says. 

“If  you  are  the  CIO  you  might  say  ‘I  can  come 
up  with  a  lower  cost  of  ownership  by  owning 
the  hardware.’  I’m  not  saying  everyone  will,  but 
by  maintaining  ownership  the  CIO  can  say  I 
can  upgrade  parts  and  pieces  and,  therefore,  I 
can  provide  a  lower  cost  of  ownership  over  say 
five  or  seven  years  rather  that  four  or  three  in  a 
lease,”  Nelsestuen  says. 

IBM  agrees  that  economic  conditions  have 
fueled  creative  thinking  at  banks,  but  Ransdell 
says  there  are  other  factors  that  are  pushing 
financial  institutions  toward  lease  options.  He 
says  establishing  a  technology  refresh  cycle 
makes  sense  for  those  who  stay  current  with 
technology  and  he  says  IBM  can  ensure  envi¬ 
ronmentally  friendly  disposal  of  hardware. 

In  fact,  IBM  factors  into  lease  rates  its  oppor¬ 
tunities  in  secondary  markets  for  used  com¬ 
puter  parts  or  materials,  according  to  Fred 
Clarke,  manage  of  communications  for  IGFB 


InBrief 


HP  closes  EDS  deal 

HP  has  completed  its  $13.9  billion  purchase 
of  massive  systems  integrator  Electronic 
Data  Systems,  and  it  revealed  that  EDS' 
top-level  management  structure  would 
remain  largely  unchanged.  HP  had  already 
made  it  clear  that  EDS  President  and  CEO 
Ron  Rittenmeyer  would  continue  in  a  lead¬ 
ership  role.  Last  week  it  confirmed  that 
Rittenmeyer’s  direct  reports  would  include 
key  executives  from  EDS  continuing  in  their 
roles  as  vice  presidents  overseeing  various 
regions  of  the  world  as  well  as  functions 
such  as  global  sales,  transformation,  out¬ 
sourcing  and  marketing.  EDS  will  handle 
outsourcing  services  previously  provided  by 
HP's  Technology  Solutions  Group,  which  will 
focus  instead  on  designing  and  installing 
systems  for  customers. 

Nortel  uses  USB  drive  to 
secure  remote  work 

Nortel  hopes  to  tackle  the  security  of 
remote  work  with  an  "office  on  a  stick,”  a 
USB  drive  that  can  link  an  employee's  PC 
with  a  corporate  VPN  and  keep  all  the  infor¬ 
mation  from  a  session  encrypted.  The  drive, 
similar  to  a  typical  USB  drive  with  1G  or 
2GB  of  storage,  is  just  one  piece  of  the 
Nortel  Secure  Portable  Office,  a  product 
that  also  includes  a  Nortel  VPN  gateway 
and  services  to  help  enterprises  set  up  poli¬ 
cies  and  user  permissions.  With  the  soft¬ 
ware  for  a  VPN  session  residing  on  the  USB 
drive,  users  can  log  in  from  almost  any  PC. 
To  use  the  USB  stick,  workers  can  simply 
plug  it  into  a  USB  port  and  enter  a  user 
name  and  password.  Software  on  the  stick 
first  checks  the  PC  for  viruses  and  required 
security  mechanisms,  and  then  sets  up  an 
encrypted  remote  session. The  Nortel 
Secure  Portable  Office  will  cost  for  a 
deployment  supporting  100  or  more  concur¬ 
rent  users,  it  costs  $30,000  to  $60,000. 

Expand  Networks  secures 
$8.5  million 

Expand  Networks  has  landed  $8.5  million 
more  in  venture  funding  from  Intel  Capital 
plus  its  previous  investors.The  WAN  opti¬ 
mization  company  says  it  will  use  the  money 
to  support  research  and  development  in  vir¬ 
tualization  and  to  finance  near-term  tech¬ 
nology  buys.  Expand  makes  Compass 
Accelerators,  devices  that  perform  a  vari¬ 
ety  of  compression,  protocol  optimization, 
application  optimization  and  pattern 
caching.The  company  already  received  $25 
million  in  venture  funding  in  2000,  $9  million 
in  2005  and  $21  million  in  2007. 
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NEC’s  advanced  communications 
solutions  put  you  in  charge  when  it 
matters  most. 

Finally,  a  communications  solution  capable  of  providing  up-to-date  patient 
information  whenever  and  wherever  it  is  needed. 

NEC’s  Unified  Communications  provide  a  dynamic  and  realistic  connection  among 
individuals,  devices,  applications,  and  data.  Based  on  a  combination  of  innovative 
technologies  and  advanced  solutions,  its  mobility  and  flexibility  enables  people  to 
experience  greater  efficiency  and  productivity  -  in  any  industry. 

Integrated  IT  and  networking  solutions  like  these  have  made  NEC  a  world  leader, 
and  your  reliable  business  partner. 

Regardless  of  the  communications  solution  your  business  demands,  you  are 
assured  of  one  thing:  NEC.  Empowering  you  through  innovation. 

—  www.necus.com/necip 


IT  SERVICES  AND  SOFTWARE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS 


IMAGING  AND  DISPLAYS 


r 


Empowered  by  Innovation 


NEWS  ANALYSIS 


1 0  open  source  companies  to  watch 

Products  range  from  databases  to  data  integration 


BY  JOHN  FONTANA 

With  the  Open  Source  Conference  and  IDG’s 
LinuxWorld  show  in  the  rearview  mirror  of 
2008,  it  is  clear  that  open  source  is  no  longer 
just  a  trendy  conversation. 

What  has  happened  is  a  clear  evolution  of  a 
community  that  has  grown  up  and  produced 
intelligent,  cutting-edge  technologies  with  an 
eye  on  making  computing  faster,  smarter  and 
less  expensive  for  corporate  users.  Companies 
such  as  Openmoko  are  challenging  the 
mobile  device  market  with  its  notion 
that  users  should  control  what  applica¬ 
tions  are  installed.  Others  such  as 
XAware  and  SnapLogic  are  opening  up 
data  integration  possibilities,  and  still 
more  are  tangling  with  virtualization, 
databases  and  trading  systems.  Along 
with  a  company  accurately  called  Un¬ 
tangle,  the  companies’  point  is  to  make 
computing  less  complex. 

The  decision  is  no  longer  a  question  of  open 
source,  but  about  what  product  is  best  at  solv¬ 
ing  computing  problems  regardless  of  how  it 
was  built. 

Here  is  a  look  at  10  companies  to  watch. 

Kickfire 

Founded:  June  2006 

Location:  Santa  Clara 

What  does  the  company  offer?  Analytics 
appliance  based  on  MySQL  featuring  the  in¬ 
dustry’s  first  SQL  chip. 

Why  is  it  worth  watching?  Kickfire  combines 
software  and  hardware  to  create  fast  database 
query  performance  using  the  MySQL  database. 
Also  provides  data  warehousing  and  reporting 
features  lacking  in  MySQL.The  SQL  chip  moves 
query  processing  to  a  single  powerful  chip. 


How  did  the  company  get  its  start?  The  com¬ 
pany’s  founders  saw  instruction-centric  von 
Neumann  architecture  as  inefficient  for  pro¬ 
cessing  large  data  volumes  so  they  sought  to 
minimize  the  operation  set  and  maximize  the 
data  throughput.  A  key  was  having  an  open  ar¬ 
chitecture  available  via  MySQL. 

How  did  the  company  get  its  name?  A  com¬ 
bination  of“kickstart”and“fire”was  used  to  con¬ 
vey  a  new  approach  in  the  database  market. 

CEO  and  background:  Raj  Cherabuddi, 
CEO/president/co-founder.  He  also  was  the 


founding  CEO  of  Sanera  Systems,  which  was 
bought  by  McData.  He  also  served  as  lead  ar¬ 
chitect  for  Sun’s  UltraSPARC  Illi  processor. 

Funding:  Series  A  funding  of  $10.75  million 
and  Series  B  at  $20  million  backed  by  Accel 
Partners,  Greylock  Partners, The  Mayfield  Fund 
and  Pinnacle  Ventures. 

Who’s  using  the  product?  Kickfire  is  in  beta 
with  interest  from  marketing,  telecommunica¬ 
tions  and  software  service  providers,  network 
management,  retail,  media 
and  organizations. 

Marketcetera 

Founded:  April  2006.  The 
1.0  product  will  launch  by 
year-end. 

Location:  San  Francisco 
and  New  York 
What  does  the  company 
offer?  Marketcetera  has  developed  the  finan¬ 
cial  industry’s  first  open  source  platform  for 
automated  trading  systems. 

Why  is  it  worth  watching?  Marketcetera  gives 
trading  companies  an  open  platform  that 
translates  into  more  flexibility  and  control, 
and  faster  deployments  that  can  result  in  con¬ 
siderable  cost  benefits. 

How  did  the  company  get  its  start?  Founders 
Graham  Miller  and  Toli  Kuznets  worked  as  soft¬ 
ware  developers  and  executives  in  hedge 
funds  and  found  themselves  repeatedly  imple¬ 
menting  the  same  trading  systems.They  tapped 
the  rise  in  algorithmic  trading  and  the  accep¬ 
tance  of  open  source  in  the  financial  services 
industry  to  create  a  platform  and  offer  services. 

How  did  the  company  get  its  name?  The 
company  thought  “Market”  plus  “etcetera”  was  a 
clever  wordplay 

CEO  and  background:  Miller  has  more  than 
10  years  of  experience  in  the  finance  and  soft¬ 
ware  industries.  He  recently  was  director  of 
electronic  trading  strategies  for  a  New  York- 
based  hedge  fund  and  worked  for  Jane  Street 
Capital,  which  included  overseeing  the  devel¬ 
opment  of  several  high-throughput  black  box 
trading  systems.  He  holds  bachelor’s  and  mas¬ 
ter’s  degrees  in  computer  science  from  Stan¬ 
ford  University. 

Funding:  Led  by  Shasta  Ventures,  the  com¬ 
pany  received  $4  million  in  January  2008. 

Who’s  using  the  product?  Hedge  funds  and 
investment  banks  of  all  sizes. 

Vyatta 

Founded:  2005 

Location:  Belmont,  Calif. 

What  does  the  company  offer?  The  first  com¬ 
mercially  supported  open  source  router/fire¬ 
wall/VPN  solution,  which  appeared  in  2006. 

Why  is  it  worth  watching?  The  company  is 


combining  x86-based  processors  and  multi¬ 
core  technologies  with  open  source  code  and 
communities.  Vyatta’s  routing  and  security 
appliances  scale  from  branch-office  to  service- 
provider  installations. 

How  did  the  company  get  its  start?  Vyatta 
was  founded  by  Allen  Leinwand,  venture  part¬ 
ner  at  Panorama  Capital  and  an  early  Cisco 
employee,  who  took  his  cue  from  an  open 
source  router  project  out  of  the  International 
Computer  Science  Institute  in  Berkeley 

How  did  the  company  get  its  name?  The 
word  “vyatta”  is  Sanskrit  and  means  open. 

CEO  and  background:  Before  joining  Vyatta, 
Kelly  Herrell  was  the  senior  vice  president  of 
strategic  operations  at  Monta Vista  Software. 
Previously  he  was  vice  president  of  marketing 
for  Cobalt  Networks,  a  provider  of  open  source- 
based  server  appliances  for  Web  hosting.  He 
also  worked  at  CacheFlow,  Oracle,  NCR,  Tera- 
data  and  AT&T. 

Funding:  Vyatta  completed  Series  B  funding 
in  April  2007,  to  bring  its  total  venture  capital 
funding  to  $18.5  million.  Investors  include 
Panorama  Capital,  Comcast  Interactive  Capital, 
ComVentures  and  ArrowPath  Venture  Partners. 

Who’s  using  the  product?  Vyatta’s  Commu¬ 
nity  Edition  software  has  been  downloaded 
more  than  200,000  times  by  organizations  in 
aerospace  and  defense,  education,  financial 
services,  government  and  technology  Corpo¬ 
rate  Edition  customers  include  enterprise,  ser¬ 
vice  provider  and  governments. 

Sonatype 

Founded:  2007 

Location:  Palo  Alto 

What  does  the  company  offer?  Software,  sup¬ 
port  and  services  centered  on  making  it  easier 
to  use  Maven,  a  software  tool  for  Java  project 
management  and  build  automation. 

Why  is  it  worth  watching?  Sonatype  wants  to 
give  Java  developers  an  environment  that  rivals 
Microsoft’s  Visual  Studio  and  .Net.  Maven  has 
been  downloaded  more  than  2  million  times, 
and  Sonatype  adds  to  the  mix  its  Nexus  repos¬ 
itory  manager  and  m2eclipse  plug-in,  which 
ties  it  to  the  Eclipse  IDE. 

How  did  the  company  get  its  start?  Sonatype 
saw  a  gap  and  filled  it  after  recognizing 
Maven’s  widespread  adoption  highlighted  the 
need  for  stout  development  infrastructure 
tools  along  with  Maven  support  and  services. 

How  did  the  company  get  its  name?  Sona¬ 
type  takes  its  name  from  the  Hindi  word“sona,” 
which  means  gold,  and  the  Latin  word  “type,” 
which  means  model. 

CEO  and  background:  Jason  van  Zyl  also  is 
founder  and  CTO.  He  has  more  than  10  years’ 
experience  in  open  source  and  proprietary  en¬ 
terprise  software  development.  He  is  the 
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founder  of  the  Apache  Maven  project.  Prior  to 
Sonatype,  he  founded  Periapt,  which  provides 
software  infrastructure  development  services 
to  Fortune  500  companies.  He  has  also  worked 
as  a  technology  architect  at  Compusens.  He 
helped  found  Codehaus,an  incubation  facility 
for  open  source  community  projects. 

Funding:  Privately  funded. 

Who’s  using  the  product?  Sonatype’s  tools 
and  services  have  been  downloaded  more 
than  2  million  times  by  a  wide  range  of  com¬ 
panies  and  organizations  that  include  many 
members  of  the  Fortune  2000. 

Untangle 

Founded:  2007 

Location:  San  Mateo,  Calif. 

What  does  the  company  offer?  A  commer¬ 
cial-grade  open  source  gateway  to  small 
businesses  for  blocking  spam,  spyware, 
viruses,  adware  and  unwanted  content  on 
the  network. 

Why  is  it  worth  watching?  The  company  is 
aiming  at  being  a  leading  IT  supplier  for  small 
and  midsize  businesses,  and  is  developing 
other  open  source  IT  tools  to  go  along  with  its 
network  security  wares. 

How  did  the  company  get  its  start?  Dirk 
Morris  and  John  Irwin  spent  three  years  writing 
code  to  drastically  reduce  the  cost  of  propri¬ 
etary  software  and  the  complexity  of  open 
source  deployments.  The  pair  used  dozens  of 
open  source  technologies  and  has  open 
sourced  95%  of  the  code  they  created. 

How  did  the  company  get  its  name?  Com¬ 
pany  founders  say  the  Untangle  name  reflects 
their  mission  to  eliminate  IT  complexity  for 
small  businesses. 

CEO  and  background:  Bob  Walters  used  to 
land  F/A-18  Hornet  fighter  aircraft  on  aircraft 
carriers  before  selling  Teros,  an  application 
security  start-up,  to  Citrix  Systems.  He  has  held 
executive  and/or  general  management  posi¬ 
tions  with  Securant,  Linuxcare,  Informix  Soft¬ 
ware  and  Red  Brick  Systems.  He  is  a  graduate 
of  the  U.S.  Naval  Academy  in  Annapolis  and 
was  a  Guggenheim  Fellow  at  Princeton 
University 

Funding:  Two  rounds  totaling  $18.5  million 
with  CMEA  Ventures  and  Rustic  Canyon 
Partners. 

Who’s  using  the  product?  Customer  list  of 
5,000  includes  Genesis  Physicians  Group, 
Bishop  Kelley  High  School,  Franklin  Academy 
University  of  Georgia  and  Maine  State  Employ¬ 
ees  Association-SEIU  Local  1989. 

Qumranet 

Founded:  2005 

Location:  Sunnyvale,  Calif. 

What  does  the  company  offer?  Its  product  — 
Solid  ICE  —  provides  a  hosted  desktop  virtual¬ 
ization  environment  that  runs  in  the  corporate 
data  center. 

Why  is  it  worth  watching?  The  company  is 
tapping  Linux  kernel  virtualization  technology 
called  KVM  to  provide  IT  with  centralized 
desktop  and  image  management,  high  avail¬ 


ability  and  provisioning  for  any  desktop  oper¬ 
ating  system.lt  also  provides  the  connection 
protocol  and  management  system. 

How  did  the  company  get  its  start?  Qumranet 
wrote  KVM  and  open  sourced  the  code  taking 
advantage  of  processor  advancements  from 
Intel  and  AMD,  and  improvements  in  Linux 
scheduling  and  memory  management. 

How  did  the  company  get  its  name?  Named 
after  the  Qumran  caves  in  Israel,  where  the 
Dead  Sea  scrolls  were  found. 

CEO  and  background:  Benny  Schnaider  has 
been  in  senior  management,  engineering  and 
strategic  consulting  roles  at  many  companies, 
including  Cisco,  Amdahl/Fujitsu,  Hitachi,  IDT, 
Sun  and  3Com.  Schnaider  has  a  master’s 
degree  in  engineering  management  from 
Santa  Clara  University  and  a  bachelor’s  degree 
in  computer  engineering  from  the  Technion 
(Israel  Institute  of  Technology). 

Funding:  Sequoia  Capital  and  Norwest 
Venture  Partners. 

Who’s  using  the  product?  Commercial  Air¬ 
craft  Division  of  Israel  Aerospace  Industries 
and  several  Global  2000  companies,  which  the 
company  does  not  make  public. 

X Aware 

Founded:  XAware’s  open  source  project  was 
launched  in  November  2007. 

Location:  Colorado  Springs,  Colo. 

What  does  the  company  offer?  XAware  offers 
open  source  data  integration  software  for  cre¬ 
ating  and  managing  composite  data  services. 

Why  is  the  company  worth  watching?  Data 
integration  is  a  must-have  in  today’s  distributed 
networks,  and  XAware  is  throwing  out  its  old 
proprietary  software  in  favor  of  an  open  plat¬ 
form  based  on  the  same  technology  with  years 
of  development  and  testing  behind  it. 

How  did  the  company  get  its  start?  Kirstan 
Vandersluis,  who  helped  develop  and  patent 
XAware’s  product  suite,  co-developed  an  XML- 
based  data  services  application  and  began  full¬ 
time  work  on  the  product  in  March  2000. 

How  did  the  company  get  its  name? 
XAware’s  name  is  a  recognition  of  XML,  the 
markup  language  that  makes  it  possible  to 
read,  write  and  transfer  data  between  different 
sources. 

CEO  and  background:  Tim  Harvey  previously 
was  senior  vice  president  of  sales  and  market¬ 
ing  at  SI.  He  also  was  president  and  COO  of 
SynQuest.  Harvey  a  budding  triathlete,  graduat¬ 
ed  from  the  University  of  Florida  with  a  bache¬ 
lor’s  degree  in  finance  and  served  four  years  as 
an  officer  in  the  United  States  Marine  Corps. 

Funding:  XAware  has  secured  three  rounds 
of  funding  totaling  $26.4  million.  The  most  re¬ 
cent  ($7.4  million)  was  led  by  vSpring  Capital. 
Other  venture  capital  firms  include  GMT 
Capital,  Sequel  Ventures,  ITU  Ventures  and 
BMJP  LLC. 

Who’s  using  the  product:  Customers  include 
AXA,  ING,  the  Financial  Industry  Regulatory 
Authority  Genworth,  Synovus,  Northrop  Gru- 
man  and  Hire  a  Hero. 


Openmoko 

Founded:  March  2006 
Location:  Taipei, Taiwan 
What  does  the  company  offer?  Recently  re¬ 
leased  its  Neo  FreeRunner,  a  free  and  open 
source  mobile  platform  that  enables  develop¬ 
ment  of  customized  mobile  devices  and  appli¬ 
cations.  It’s  a  computer  in  the  form  of  a  phone. 


Why  is  it  worth  watching?  When  Openmoko 
says  open,  they  mean  it  —  even  encouraging 
users  to  crack  the  case  and  have  a  go  at  the 
hardware.  Freerunner  can  be  a  phone,  but 
users  can  craft  it  into  any  sort  of  handheld 
device  by  developing  their  own  applications 
or  loading  ones  built  by  the  Openmoko  com¬ 
munity  Openmoko  has  published  the  software, 
industrial  design  and  most  recently  published 
the  schematics  for  its  Openmoko  Neo  1973 
and  Neo  FreeRunner  phones. 

How  did  the  company  get  its  start?  Open¬ 
moko  software  engineer  and  electronics  en¬ 
thusiast,  Sean  Moss-Pultz,said,“I  can  never  up¬ 
grade  or  customize  my  phone.  If  I  want  new 
features  or  software,!  have  to  buy  a  new  phone 
every  few  months!”  Inspiration  followed  and 
Moss-Pultz  set  out  to  free  the  mobile  phone. 

How  did  the  company  get  its  name?  Open 
means  developers  and  consumers  have  the 
freedom  to  contribute  value  to  the  platform 
however  they  like.  Moko  is  abbreviated  for 
Mobile  Kommunikations.with  the  “K”  dedicated 
to  the  hacker  community  who  helped  create 
software  that  powers  the  Openmoko  platform. 

CEO  and  background:  Sean  Moss-Plutz  was 
raised  in  San  Diego, before  joining  FICA  to  head 
up  special  projects.  His  fluency  in  Chinese  and 
understanding  of  the  mobile  market  led  him 
into  the  CEO  role  at  OpenMoko. 

Funding:  Openmoko  is  a  wholly  owned  by 
First  International  Computer. 

Who’s  using  the  product?  Corporate  cus¬ 
tomers  are  under  nondisclosure  agreements, 
but  the  product  currently  sells  to  developers.  ■ 
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continued  from  page  1 

calling  for  a  deeper  understanding  of  what 
access  points  are  capable  of,  and  paying  more 
attention  to  scaling  back-end  systems,  servers 
and  networks. 

“We’ve  been  used  to  20  to  50  wireless  users 
in  an  area,  with  another  20  to  50  maybe  50  or 
100  feet  awa/ says  Brad  Noblet,  a  former  col¬ 
lege  IT  director  at  Dartmouth  and  Harvard, 
who’s  now  an  independent  consultant  at  BN 
Consulting.  The  assumption:  few  users,  who 
just  wanted  e-mail  access  or  Web  searching. 

Low-density  WLANs  are  giving  way  to  high- 
density  ones,  with  new  challenges  for  network 
administrators.“When  we  first  put  this  [WLAN] 
in  three  years  ago,  there  were  few  wireless 
clients,”  says  John  Turner,  director  of  network 
and  systems  at  Brandeis  University  in  Waltham, 
Mass.“Now  everyone  has  a  laptop.” 

The  scaling  challenges  include  making  sure 
there’s  adequate  wireless  and  wired  band¬ 
width  for  the  applications  being  served  to  wire¬ 
less  users.  “These  scaling  issues  are  becoming 
more  and  more  apparent  where  lots  of  folks 
show  up  and  you  need  to  make  things  hap¬ 
pen,”  Noblet  says. 

What  has  to  happen  is  that  lots  of  clients 
have  to  associate  with  an  access  point,  get  an 
IP  address,  be  authenticated,  get  enough 
bandwidth  (wireless  and  wired)  for  their 
applications,  and  behave  themselves  as  net¬ 
work  citizens. 

Noblet  urges  network  administrators  to  con¬ 
figure  access  points  for  performance  (or 
capacity),  rather  than  for  access.  He’s  found 
some  access  points  are  configured  without 
limits  on  the  number  of  client  associations.  If  a 
large  group  of  users  coalesce  around  an  ac¬ 
cess  point,  they’ll  find  slow  associations  or 
none  at  all.  “What  it’s  really  about  is  under¬ 
standing  the  throughput  performance  of  a  par¬ 
ticular  data  stream,”  he  says. 

Everyone  agrees,  however,  that  capacity  plan¬ 
ning  at  the  access-point  level  is  more  art  than 
science.  “When  I  speak  on  this  topic,  1  always 
emphasize  that  we,  the  IT  professionals,  not  the 
vendors, are  the  ones  who  best  understand  the 
user  and  application  scenarios  we’ll  be  dealing 
with  in  our  deployments,”  says  Dan  McCarriar, 
assistant  director  of  network  services  at  Carne¬ 
gie  Mellon  University  (CMU)  in  Pittsburgh. 

CMU  is  about  halfway  through  an  802.1  In 
deployment  using  gear  from  two  vendors, 
Aruba  Networks  for  academic  areas  and  Xirrus 
for  residence  halls.  Xirrus  packs  a  WLAN  con¬ 
troller  along  with  four,  eight  or  16  Wi-Fi  radios 
into  a  single  oversized  “smoke  detector”-like 
package,  called  an  array  with  antennas  sec¬ 
tored  to  prevent  interference.  The  result  lets 
CMU  plug  a  single  array  into  a  high-density 
area  without  having  to  do  complex  microcell 
planning  and  administration. 

Keeping  up  with  DHCP 

In  some  cases,  DHCP  servers  can’t  keep  up 
with  a  flood  of  clients.  “We’re  definitely  seeing 


Scaling  WLANs 

More  users,  more  traffic  and  more 
multimedia  can  strain  enterprise 
wireless  LANs  that  are  not  well- 
planned. To  avoid  or  minimize 
some  of  those  strains,  users  say: 

•  Focus  on  what  the  access  point  can 
and  can’t  do:Thorough  testing  helps  you 
see  how  it  performs  under  the  loads 
your  users  will  create. 

•  Configure  access  points  for  capacity. 

•  Make  sure  DHCP  servers  can  handle 
high-demand  surges. 

•  Plan,  monitor  and  manage  IP  addresses 
to  avoid  address  exhaustion. 

•  High-throughput  802.11n  still  needs 
end-to-end  capacity  planning. 


this,”  Turner  says.  CMU’s  DHCP  servers  are  able 
to  keep  pace,  however. The  key  is  designing  the 
centralized  IT  infrastructure  for  services,  which 
are  used  by  both  wired  and  wireless  clients,  so 
it  can  scale  quickly  and  easily 

Turner  plans  to  create  a  more  seamless 
mobile  experience  across  the  campus  by  tying 
location  and  mobility  services  into  DHCP'The 
DHCP  server  is  not  aware  that  someone  has 
disconnected,”  he  says.“We  might  be  able  to  do 
something  between  the  central  WLAN  con¬ 
troller  and  DHCP  so  we’re  not  holding  address¬ 
es  for  people  who  are  never  coming  back.” 

The  University  of  Tennessee  at  Knoxville  has 
run  into  a  slightly  different  DHCP  problem, 
Hanset  says:  Some  returning  student  notebook 
PCs  or  “rogue”  access  points  in  dorms  act  as 
DHCP  servers  themselves,  serving  out  useless 
DHCP  leases  to  requesting  clients.  The  school 
blocks  these  hosts  at  switch  ports  or  the  Aruba 
WLAN  controller. 

Another  scaling  issue  is  that  once  clients  are 
issued  IP  addresses,  they  may  keep  them  far 
longer  than  needed,  so  they  can’t  be  reissued 
to  newly  arriving  clients  on  the  same  subnet.  In 
some  cases,  addresses  can  be  exhausted. 

At  the  University  of  Tennessee,  these  address 
leases  are  limited  to  two  hours, and  at  Brandeis 
to  just  30  minutes.  Both  institutions  use  Aruba’s 
virtual-LAN  pooling,  which  associates  a  pool  of 
addresses  to  a  given  VLAN.  It’s  an  efficient  and 
effective  tool,  but  network  administrators  still 
“have  to  think  carefully  about  this, ’’Turner  says. 

CMU  has  a  flat  WLAN,  essentially  configured 
as  a  campuswide  subnet  with  one  large  pool 
of  addresses.  The  university  plans  to  segment 
the  network  carefully  probably  into  several 
geographical  zones, once  the  802.1  In  rollout  is 
complete.  Then,  address  exhaustion  could 
become  an  issue  if  it’s  not  properly  managed 
and  monitored,  says  Scott  Ambrose,  CMU’s 
manager  of  network  design  and  development. 


Ambrose  plans  to  collect  a  mass  of  statistics 
on  such  things  as  average  number  of  devices 
on  the  network  and  peak  numbers  of  users,  as 
well  as  the  locations  of  the  access  points  they 
are  associated  with. That  data  will  go  into  plan¬ 
ning  the  size  and  number  of  zones, and  how  to 
allocate  the  available  IP  addresses  to  each  one. 

Multimedia  use  is  surging,  and  802.1  In  is 
expected  to  make  it  surge  still  more.  All  these 
universities  are  configuring  their  WLANs  for 
multicast  support  to  minimize  bandwidth  de¬ 
mands  where  possible.  In  effect,  users  tune  into 
a  single  multicast  stream  (analogous  to  viewing 
broadcast  TV)  rather  than  receiving  a  separate, 
unicast  stream. “You  have  to  look  at  your  appli¬ 
cation  and  ask  ‘what  am  I  trying  to  serve  here?’” 
Noblet  says.That  will  dictate  whether  you  have 
to  make  use  of  a  unicast  or  multicast  transport.” 

“We  enabled  multicast  everywhere  we  can,” 
Hanset  says.  But  with  that,  to  further  improve 
performance,  the  university  also  disabled  the 
slowest  WLAN  data-transfer  rates  of  1M  and 
2Mbps.  “So,  every  broadcast  packet  is  sent  at 
5.5Mbps,”  he  says. 

Test  everything,  CMU’s  McCarriar  says. 
“Support  for  multicasting  [by  vendors]  is  all 
over  the  map,”  he  cautions. 

802.1  In  is  no  silver  bullet 

These  users  all  are  adopting  or  evaluating 
802.1  In,  which  promises  five  to  six  times  more 
throughput  than  802.1  la/b/g  WLANs.The  extra 
capacity  will  be  very  welcome,  but  all  agree 
that  802.1  In  won’t  eliminate  the  need  for  care¬ 
ful,  thoughtful,  end-to-end  capacity  planning. 

“It  guarantees  faster  speeds,  but  it  doesn’t  pre¬ 
vent  one  bandwidth  hog  from  taking  most  of 
that,”  Hanset  says. “I’d  like  to  have  a  ‘fair  share’ 
mechanism  in  the  WLAN, so  that  can’t  happen, 
especially  in  high-density  areas.” 

Hanset  also  cautions  that  802.1  In  throughput 
can  be  affected  dramatically  by  inadequate 
upstream  links  and,  in  the  case  of  the 
University  of  Tennessee,  power  injectors.  Tests 
showed  an  Aruba  802.1  In  access  point  deliv¬ 
ering  80M  to  90Mbps,  but  160Mbps  with  a  giga¬ 
bit  connection  and  gigabit-capable  power 
injectors,  he  says. 

In  many  migrations,  enterprises  are  replacing 
existing  802.1  la/b/g  access  points  with 
802. 1 1  n  devices.  But  if  the  802. 1 1  n  products  are 
using  the  5GHz  frequency  because  there  are 
more  channels  and  less  radio  noise,  some 
tweaking  will  be  needed,  Turner  warns.  That’s 
because  5GHz  signals  don’t  propagate  as  well 
as  those  in  the  2.4GHz  band. 

“We’ve  seen  where  we’ve  installed  an  1  In 
access  point  and  expected  great  performance 
in  the  5GHz  band,”  Turner  says. “But  you  walk 
behind  two  walls  and  your  signal  vanishes.  It’s 
not  dead-simple.”  ■ 
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Storage  market  thrives 
in  down  economy 


Alcatel-Lucent 
intros  Gigabit 
Ethernet  switches 

BY  TIM  GREENE 

Alcatel-Lucent  is  delivering  a  new  family  of 
Gigabit  Ethernet  switches  that  fit  into  its  archi¬ 
tecture  for  blending  data,  voice  and  wireless 
connectivity  and  are  designed  for  small  and 
midsize  businesses. 

OmniSwitch  6400  comes  in  six  models  that 
can  be  stacked  so  a  single  logical  switch 
supports  a  maximum  of  384  ports.  Individual 
chassis  support  24  and  48  ports,  and  can 
support  either  unpowered,  Power  over  Ether¬ 
net  or  fiber  ports. 

The  switches  support  Routing  Information 
Protocol  and  Intermediate  System  to  Inter¬ 
mediate  System  and  could  be  used  in  branch 
offices  as  the  local  switch  as  well  as  the  WAN 
router,  Alcatel-Lucent  says. 


Alcatel-Lucent’s  OmniSwitch  6400 
family  of  Layer  2+  Gigabit  Ethernet 
switches  support  anti-denial  of  ser¬ 
vice,  802.1X,  anomaly  detection  and 
quarantining. 

The  switches  support  high  availability  so  if 
one  control  module  on  a  stacked  array  fails, 
a  secondary  control  module  takes  over  with 
no  loss  of  data  or  network  connectivity.  If  the 
backup  module  fails,  the  switches  continue 
to  function  based  on  their  existing  address 
and  route  tables. 

Security  on  the  switches  includes  denial- 
of-service  protection  and  802. IX  port 
authentication  as  well  as  Access  Guardian, 
an  Alcatel-Lucent  feature  that  enables  set¬ 
ting  access  rights  for  groups  of  users.  The 
switches  can  work  in  conjunction  with  a 
separate  Alcatel-Lucent  application  called 
Quarantine  Manager  that  can  reset  the  vir¬ 
tual  LAN  assignment  for  a  port  generating 
suspicious  traffic  to  quarantine  the  device 
from  the  rest  of  the  network. 

The  switches  can  be  managed  individually 
via  browser-based  element  management  or 
under  Alcatel-Lucent’s  OmniVista  manage¬ 
ment  platform. They  can  also  be  managed  by 
the  company’s  Service  Aware  Manager  for 
carriers  that  use  the  devices  as  customer- 
premises  equipment. 

The  company  claims  the  switches  consume 
40%  to  50%  less  power  than  comparable  Cisco 
2960  and  3560  switches. 

Prices  for  the  OmniSwitch  6400  series 
switches  range  from  $2,000  to  $5,200.  ■ 


BY  JON  BRODKIN 

The  storage  market  is  thriving  despite  a 
tough  economy,  as  exploding  digital  infor¬ 
mation  growth  has  forced  customers  to  add 
more  capacity  and  upgrade  to  newer  stor¬ 
age  systems  that  are  faster  and  more  effi¬ 
cient,  analysts  say. 

“It’s  a  lot  easier  for  customers  to  put  off 
the  purchases  of  servers, some  software  and 
applications,  and  even  desktops  than  it  is  to 
put  off  storage  purchases,” says  Charles  King 
of  the  Pund-IT  analyst  firm. “Once  a  compa¬ 
ny  moves  into  the  digital  world  . . .  informa¬ 
tion  just  piles  up.  You’ve  got  to  have  some 
place  to  put  it.” 

Worldwide  disk  storage  shipments  will  dou¬ 
ble  in  capacity  every  two  years  through  2012, 
IDC  predicts.  Spending  on  disk  storage  is 
expected  to  top  $34  billion  four  years  from 
now.  The  most  important  force  behind  this 
growth  is  “the  emergence  of  content-rich 
business  applications  in  areas  such  as 
telecommunications,  media/entertainment, 
and  Web  2.0,”  IDC  reports. 

EMC  has  profited  from  this  spending  spree, 
reporting  20  consecutive  quarters  of  double¬ 
digit  revenue  growth. Storage  vendors  Brocade 
Communications  and  NetApp  each  reported 
double-digit  revenue  growth  in  their  most 
recent  quarterly  earnings. 

Customers  are  finding  new  storage  systems 
hard  to  resist  partly  because  read/write  perfor¬ 
mance  has  improved  significantly  more  than 
microprocessor  performance  has  for  several 
years,  King  says.“Customers  can  really  get  great 
bang  for  their  buck  in  buying  new  storage  sys¬ 
tems,”  he  says. 

Still,  IDC  analyst  Richard  Villars  says  he 
doesn’t  like  to  call  any  industry  recession- 
proof.  One  potential  weak  point  in  the  market 
is  its  reliance  on  storage-hungry  social  net¬ 
working  sites  such  as  MySpace,  YouTube  and 
Flickr.  If  the  social  networking  market  were  to 
suddenly  dry  up,  storage  vendors  would  lose 
some  revenue,  he  says. 

But  storage  vendors  have  done  a  good  job 
diversifying  their  offerings,  and  there  are  sev¬ 
eral  factors  fueling  growth  in  the  storage  mar¬ 
ket,  he  notes.  Customers  are  shifting  from  tape 
to  disk-based  backup,  in  order  to  gain  faster 
recovery  times.  Plus  digital  information  growth 
affects  many  industries.  Hospitals  are  storing  X- 
rays  and  other  medical  information  digitally 
while  media  companies  convert  music  and 
movies  to  digital  format,  he  notes.The  need  for 
increasingly  powerful  data  analytics  is  helping 
storage  vendors  too,  he  says. 

“People  have  increasingly  been  buying  stor¬ 
age  not  just  to  store  the  data  but  also  because 
they  want  to  parse  out  components”  for  analy¬ 


sis,  Villars  says.  “People  are  buying  storage  for 
lots  of  different  reasons.” 

The  lagging  economy  still  has  some  impact 
on  storage  buying,  however.  Customers  are 
realizing  they  don’t  need  maximum  perfor¬ 
mance  for  every  type  of  data,  so  many  busi¬ 
nesses  are  purchasing  inexpensive,  high- 
capacity  disks  to  store  information  that’s  not 
mission-critical. The  goal  is  to  provide  tiers  of 
storage  options,  some  optimized  for  perform¬ 
ance,  others  optimized  by  price. 

The  poor  economy  has  also  spurred  interest 
in  technologies  that  maximize  use  of  storage 
space,  such  as  thin  provisioning  and  data  de- 
duplication,  analysts  say  When  you’re  running 
out  of  storage  space, “simply  buying  more  disks 
isn’t  the  only  solution,”  King  notes. 

While  past  drivers  of  storage  growth  included 
data  protection  and  long-term  retention,  the 
goal  of  boosting  usage  rates  in  the  face  of  rapid 
data  growth  will  increasingly  result  in  cus¬ 
tomers  purchasing  spacesaving  technologies, 
IDC  says. 

In  addition  to  storagespecific  vendors  like 
EMC,  such  IT  companies  as  Cisco,  IBM,  HP  and 
Dell  are  investing  heavily  in  storage  and  having 
success,  King  says.  Sun  hasn’t  done  so  well,  he 
says,  but  Sun’s  problems  run  deeper  than  just 
storage.  (Sun’s  server  business  has  been  losing 
market  share  and  revenue  this  year.) 

A  new  crop  of  innovative  storage  vendors 
have  been  filing  IPOs,  Forrester  analyst  Andrew 
Reichman  wrote  in  a  report  last  November.The 
list  includes  3PAR,  BlueArc,  CommVault 
Systems,  Compellent  Technologies,  Data 
Domain,  Isilon  Systems,  Netezza  and  ONStor. 

Vendor  strategies  are  shifting  because  of 
emerging  technologies  such  as  solid-state  flash 
memory  and “cloud”storage, which  is  accessed 
over  the  Internet.  Both  technologies  could 
result  in  a  more  efficient  use  of  storage  space, 
but  that  wouldn’t  necessarily  slow  spending. 

Cloud  storage  “changes  the  calculation 
about  how  the  cost  of  storage  is  shared, ’’Villars 
says.  But  “the  cloud  people  still  have  to  buy  the 
storage.”  ■ 
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scale.  Besides  performance,  we  also  assessed  the  Nexus  in  terms  of 
features,  usability,  and  high  availability  and  resiliency  (see  “How  we  did 
it”  at  www.nwdocfinder.com/6452). 

Performance  turned  out  to  be  only  fair,  in  part  because  current  line 
cards  tap  just  a  fraction  of  the  switch’s  1 ,691Tbps  capacity  Resiliency  use¬ 
ful  features  and  a  modular  design  are  what  really  make  the  Nexus  switch 
an  interesting  contender  in  data-center  switching. 

The  layered  look 

While  modularity  has  long  been  a  part  of  chassis-based  switches,  the 
Nexus  extends  this  approach  with  a  layered,  redundant  approach  in 
both  hardware  and  software.The  switch  uses  a  mid-plane  design  with  as 
many  as  five  230Gbps  fabric  cards  and,  in  the  Nexus  7010  version  we 
tested,  as  many  as  eight  line  cards  and  two  management  cards.  A  larger 
7018  chassis,  due  to  ship  by  year-end,  will  support  as  many  as  16  line 
cards  and  as  many  as  512  10G  Ethernet  ports.  Significantly  targeting 
data-center  use,  Nexus  switches  also  support  Fibre  Channel  over  Ether¬ 
net  cards,  but  we  did  not  test  these. 

The  management  cards  are  beefier  than  those  on  current  high-end 
Catalyst  6500s,  featuring  dual-core  Xeon  processors  and  4GB  of 
memory.  A  new  operating  system,  dubbed  NX  OS,  takes  advantage  of 
the  extra  horsepower,  as  do  the  system’s  larger  routing  tables  and  vir¬ 
tualization  features. 

On  the  software  side,  NX  OS’s  modular  design  differs  from  Cisco’s  ven¬ 
erable  and  monolithic  IOS.  With  the  Linux-based  NX  OS,  each  Layer  2 
and  Layer  3  protocol  runs  as  a  separate  process.  If  there’s  a  problem 
with  one  process,  it  won’t  affect  other  parts  of  the  system  —  something 
our  test  results  demonstrated. The  switch  still  supports  the  familiar  IOS 
command-line  interface  (CLI),but  it  too  is  just  another  process. 

In  many  ways,  the  Nexus  CLI  is  a  better  IOS  than  IOS.  Longtime  Cisco 
users  will  appreciate  that  NX  OS  finally  supports  IPv4  addressing  using 
classless-inter-domain-routing  notation,  saving  many  keystrokes.  NX  OS 
also  allows  inline  configuration  editing  with  the  Unix  sed  (stream  edi¬ 
tor)  command. The  sed  command  enables  search-and-replace  editing 
of  a  configuration  file  from  the  command  line,  a  great  timesaver. 

Another  useful  improvement  is  the  inclusion  of  a  packet  capture  and 
decode  facility  The  CLI  has  commands  to  read  traffic  headed  to  and 
from  the  management  cards,  a  helpful  tool  in  troubleshooting.There’s  a 
tcpdump-like  decoder  available  from  the  command  line,  or  users  can 
save  captures  for  decoding  by  Wireshark. 

NX  OS  also  supports  virtualization  through  the  use  of  virtual  device 
contexts  (VDC),  allowing  up  to  four  complete  virtual  switches  to  be 
defined  on  a  single  platform.  As  with  process  separation,  the  VDCs  oper¬ 
ate  independently  (See  “How  To  set  up  VDCs”  in  an  online  blog  at 
www.nwdocfinder.com/6453.) 

All  about  uptime 

All  this  modularity  should  result  in  greater  uptime  and  resiliency  — 
something  most  network  managers  prize  even  above  high  perform¬ 
ance.  Accordingly,  in  our  tests  we  gave  the  greatest  weight  to  assess¬ 
ments  of  high  availability  and  resiliency 

We  reviewed  high  availability  with  two  tests  of  software  and  another 
of  hardware.  The  first  software  test  focused  on  the  Nexus  switch’s 
process-restart  capability.  We  configured  the  Spirent  Communica- 
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$687,000  as  tested 


Data  center  workhorse  switch  boosts  capacity, 
high  availability,  strong  features. 


Current  line  cards  come  nowhere  near  to  using 
switch  fabric  fully. 
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SCORECARD 

Action 
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10G  Ethernet  Layer  2  performance 
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(IPv4  unicast) 
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Scoring  key:  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average; 
1:  Subpar  or  not  available. 


tions  TestCenter  traffic  generator/analyzer  to  bring  up  Open  Shortest 
Path  First  (OSPF)  adjacencies  on  all  256  Nexus  10G  Ethernet  ports, 
to  advertise  routes  to  more  than  50,000  networks  and  to  offer  traffic 
to  all  networks. 

While  traffic  was  flowing,  we  deliberately  killed  Nexus’ OSPF  process, 
then  watched  as  the  switch  automatically  restarted  the  process.  Not  a 
single  packet  was  lost,  and  no  change  was  visible  to  the  hundreds  of 
other  OSPF  routers  emulated  by  TestCenter. 

This  is  a  different  mechanism  than  OSPF  graceful  restart,  where  routes 
must  be  recalculated.  Process  restart  occurs  much  faster  (typically  in 
less  than  a  second)  so  that  no  change  in  routing  topology  is  visible  to 
other  routers. 

Our  second  set  of  software  resiliency  tests  involved  upgrading, 
then  downgrading  system  software  while  continuously  forwarding 
traffic,  a  key  capability  in  situations  where  no  downtime  is  accept¬ 
able.  In  both  upgrade  and  downgrade  tests,  we  changed  the  software 
image  on  the  first  management  card  and  watched  as  it  handed  over 
responsibilities  to  a  second  management  card,  then  upgraded  all 
line  cards.  A  complete  upgrade  took  nearly  45  minutes,  during 
which  the  Nexus  maintained  all  routing-table  entries  and  forwarded 
all  traffic  with  no  packet  loss. 

It’s  just  as  important  to  support  seamless  downgrades  as  upgrades. 
Indeed,  previous  experience  with  many  vendors’  routers  and  switches 
suggests  the  downgrade  path  is  a  lot  bumpier  than  the  upgrade  one. 
That  was  not  a  concern  with  the  Nexus  switch;  as  in  previous  tests,  we 
saw  no  changes  in  routing  and  no  packet  loss  during  a  downgrade. 

Cisco  claims  Nexus  offers  N+l  redundancy  with  as  few  as  two  fabric 
cards  in  place  for  gigabit  line  cards  or  as  few  as  three  cards  in  place  for 
10G  Ethernet  cards.  To  validate  those  claims,  our  final  resiliency  test 

See  Cisco,  page  22 
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Tracking  Nexus  7010  throughput 

Measured  across  256  10G  Ethernet  ports,  throughput  was  well  below  theoretical  line  rate  in  Layer  2  and  Layer  3  IPv4  uni¬ 
cast  and  Layer  3  IPv4  multicast  tests.  At  most,  the  Nexus  7000  moved  traffic  at  around  25%  of  line  rate  because  of  a  pack¬ 
et-lookup  bottleneck  in  current  line  cards. Throughput  measurements  expressed  in  frames  per  second. 
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involved  pulling  four  of  Nexus’  five  fabric 
cards  one  by  one,  while  continuing  to  offer 
traffic  to  all  256  10G  Ethernet  ports. 

Fabric  utilization  rose  as  we  removed  the 
cards,  but  there  was  no  packet  loss  with  two  of 
five  fabric  cards  left.  With  one  fabric  card  in 
place,  the  system  dropped  about  47%  of  traffic, 
but  that’s  because  our  traffic  load  oversub¬ 
scribed  the  fabric.  These  results  validate 
Cisco’s  redundancy  claims;  in  addition,  the  sin¬ 
gle-fabric  result  became  very  significant  in  our 
performance  tests. 

Throughput  and  delay 

Beyond  slick  features  and  high  availability, 
performance  —  moving  packets  to  their  desti¬ 
nations  as  fast  as  possible  —  is  often  the  main 
event  when  it  comes  to  routing  and  switching. 
It’s  tempting  to  think  256  10G  Ethernet  ports 
will  offer  virtually  unlimited  capacity  but  our 
results  suggest  that,  at  least  with  the  line  cards 
we  tested,  Cisco  still  has  work  to  do  when  it 
comes  to  removing  bandwidth  bottlenecks. 

We  measured  Nexus’  performance  with  sep¬ 
arate  tests  of  throughput  and  delay  for  Layer  2 
unicast,  Layer  3  unicast,  and  Layer  3  multicast 
traffic.  As  usual  with  such  tests,  we  configured 
TestCenter  to  offer  traffic  in  a  fully  meshed  pat¬ 
tern  among  all  256  ports  to  find  the  through¬ 
put  level. 

Throughput  tests  are  stressful  by  definition, 
but  we  added  to  the  burden  with  extra  moni¬ 
toring  and  management  functions  in  all  tests. 
We  set  500-line  QoS  and  7,000-line  security 


access-control  lists  on  each  line  card  and  en¬ 
abled  NetFlow  on  as  many  as  512,000  flows, 
the  maximum  Nexus  supports. 

Tests  of  Layer  2  and  Layer  3  IPv4  unicast  traf¬ 
fic  produced  virtually  identical  results,  with 
the  switch  achieving  throughput  of  up  to  476 
million  frames  per  second  (fps)  across  all  256 
10G  Ethernet  interfaces  (see  graphic, above). 

With  multicast  traffic  (50  sources  sending 
traffic  to  each  of  200  groups,  resulting  in  10,000 
multicast  routes),  throughput  was  slightly 
lower, topping  out  at  353  million  fps.  Expressed 
in  terms  of  bandwidth  usage,  the  Nexus  switch 
moved  up  to  79.52Gbps  across  each  of  eight 
line  cards  in  all  tests  (Layer  2,  Layer  3  and  mul¬ 
ticast),  for  a  total  of  around  636.16Gbps. 

These  numbers  are  far  below  the  theoretical 
line  rate,  and  nowhere  near  the  almost  1.7Tbps 
capacity  mentioned  earlier.  The  bottleneck  is 
in  the  current-generation  line  cards,  which  top 
out  at  just  less  than  60  million  lookups  per  sec¬ 
ond.  Cisco  says  higher-capacity  cards,  slated 
for  release  in  mid-2009,will  be  able  to  use  the 
full  fabric  capacity 

Given  that  fabric  capacity  vastly  exceeds  that 
of  the  current  line  cards,  the  throughput  re¬ 
sults  are  a  bit  like  what  you’d  get  from  putting 
the  wheels  from  a  Toyota  Prius  onto  a  Mack 
truck:  It’s  no  longer  efficient,  and  it  won’t  carry 
anywhere  near  as  much  as  it  could. 

To  get  a  more  complete  picture  of  what  the 
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switch  will  be  able  to  do  when  outfitted  with 
faster  line  cards,  we  did  some  calculations  to 
determine  effective  fabric  capacity  In  resiliency 
tests  with  a  single  fabric  card,  the  switch  for¬ 
warded  traffic  at  around  338Gbps.  Assuming 
results  scale  linearly  as  fabric  cards  are  added, 
that  means  Nexus  will  offer  as  much  as 
1.691Tbps  of  capacity  —  once  faster  line 
cards  are  available  to  take  advantage  of  it. 

We  also  measured  delay  —  the  amount  of 
time  the  switch  held  onto  each  frame.We  took 
these  measurements  at  10%  of  line  rate. 

With  the  exception  of  jumbo  frames,  average 
and  maximum  delays  for  all  frame  sizes  were 
less  than  50  microsec  (see  graphic,  below). 
That  kind  of  delay  is  unlikely  to  affect  even 
delay-sensitive  voice,  video  or  storage  applica¬ 
tions.  Jumbo  frames  took  longer  to  process, 
with  delays  from  74  microsec  (for  Layer  3  uni¬ 
cast)  to  412  microsec  (for  Layer  3  multicast). 
Bulk  data-transfer  applications  usually  aren’t 
very  sensitive  to  delay,  so  the  elevated  delays 
with  jumbo  frames  may  also  be  a  nonissue. 

It’s  too  easy  to  dismiss  the  performance  re¬ 
sults  from  these  tests  as  subpar,  but  that’s  over¬ 
simplifying  a  bit.  The  Nexus  7000  Series  is  a 
much  faster  switch  than  our  throughput  num¬ 
bers  suggest,  but  higher  performance  will  have 
to  wait  until  new  line  cards  ship  sometime  next 
year.  In  the  meantime,  the  new  switch’s  modular 
design  and  high-availability  and  virtualization 
features  make  it  very  much  worth  considering 
for  large  data-center  deployment. 

Newman  is  president  of  Network  Test,  an  inde¬ 
pendent  test  lab  in  Westlake  Village,  Calif.  He  can 
be  reached  at  dnewman@networktest.com. 


Tracking  Nexus  7010  delay 

Measured  across  256  10G  Ethernet  ports,  average  and  maximum  delays  for  unicast  and  multicast  traffic  were  generally 
less  than  50  microsec,  well  below  the  point  where  application  performance  might  suffer.  All  delays  expressed  in  microsec. 
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The  last  pre-Internet  Olympics? 


The  Olympic  spectacle  and  achievements 
are  over  for  the  next  two  years.  It  was  quite 
a  show  —  very  beautiful  opening  and 
closing  ceremonies  (no  way  for  Vancouver  and 
London  to  even  match  them),  also  beautiful 
venues  and  some  exciting  competition.  I  know 
this  because  1  watched  it  on  TV. 

Next  time  1  expect  I  will  know  the  quality  of 
the  ceremony  and  competition  because  I  will 
see  it  first  on  the  Internet,  and  some  of  it  later 
on  TV 

This  time  around  I  did  not  even  think  of 
checking  out  the  streaming  video  coverage  —  there  were  some  good 
things,  but  not  nearly  enough.  NBC  provided  the  exclusive  TV  cover¬ 
age  (or  at  least  they  kept  the  other  TV  outlets  to  only  providing  snip¬ 
pets  of  coverage).  Published  reports  put  the  cost  to  NBC  for  this  exclu¬ 
sivity  at  $894  million,  plus  millions  more  in  coverage  expenses.  Spend¬ 
ing  close  to  a  billion  dollars  for  the  coverage  rights  seems  to  have 
paid  off  for  NBC  because  it  sold  about  $1  billion  in  advertising  for  the 
two  weeks  for  a  profit  of  close  to  $100  million.  But  only  $5.75  million 
came  from  the  Internet. 

This  was  still  a  made-primarily-for-TV  Olympics  —  maybe  the  last 
such  one. 

After  the  Olympics  were  over  1  took  a  look  at  the  NBC  Olympic 
video  Web  site.  It  is  rather  annoying  that  you  have  to  install  the  Micro¬ 
soft  Silverlight  plug-in  before  you  can  look  at  the  videos  (something 
that  I  expect  eliminated  a  lot  of  non-techies  from  the  potential  audi¬ 
ence)  but  I  will  say  the  videos  look  rather  good  when  you  (finally)  get 
to  them. The  site  has  a  lot  of  videos  on  it.They  seem  to  cover  all  of  the 
sports  at  the  games  but  some  of  the  editing  leaves  a  lot  to  be  desired. 


For  example,  there  is  about  eight  minutes  of  random  overhead  at  the 
beginning  of  the  hour-and-52  minute  video  of  the  women’s  individual 
event  quarterfinals  in  archery  and  it’s  10  minutes  into  the  video  before 
the  first  shot  is  fired  (I  chose  this  video  at  random).  NBC  also  does  not 
need  the  quite  disruptive  Olympic  rings  graphic  zooming  across  the 
screen  when  starting  and  stopping  replays  but  I  guess  they  learned 
that  technique  from  TV  football  coverage. 

But  with  all  the  good  technology  (and  bad  editing)  NBC  is  appar¬ 
ently  a  timorous  beast  (maybe  NBC  stands  for  Not  Being 
Courageous).  It  was  afraid  to  put  most  high  profile  videos  up  before 
they  showed  the  competition  during  its  primetime  TV  coverage 
(which  tended  to  be  very  fragmented,  jumping  from  sport  to  sport). 
Somehow  NBC  must  have  thought  that  people  watching  a  5  x  8.5 
inch  video  of  the  opening  ceremony  on  their  PC  would  skip  watch¬ 
ing  it  on  their  living  room  TV  set.  (Or  maybe  they  realized  that  watch¬ 
ing  “as  if  you  were  there  coverage”  without  inane  paid-by-the-word 
announcers  would  spoil  the  viewers.) 

Whatever  the  reason  that  drove  NBC  to  avoid  giving  their  viewers 
better  coverage,  I  doubt  it  will  happen  next  time.This  was  the  last  pre- 
Internet  Olympics  and  Vancouver  in  two  years  will  be  very  different, 
with  the  primary  coverage  for  the  lesser  teams  or  sports  being  shown 
live  via  the  Internet.  I  expect  there  still  will  be  a  lot  of  TV  coverage, 
and  that  will  generate  far  more  ad  revenue,  but  Internet  ad  revenue 
will  become  the  key  to  NBC  making  a  profit  on  future  Olympics. 

Disclaimer:  Except  for  its  investments,  Harvard  does  not  aim  for  a 
profit  so  would  not  have,  and  does  not  have,  an  opinion  on  NBC’s 
timidity 

Bradner  is  Harvard  University’s  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 
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The  many  modes  of  communication 


Every  now  and  then  you  realize  you’ve 
been  using  a  word  without  thinking  about 
what  it  really  means.  Take  “communica¬ 
tion”:  It  means  vastly  different  things  depend¬ 
ing  on  the  context.  Communications  applica¬ 
tions  include  e-mail,  instant  messaging  and 
video.  Communications  infrastructure  includes 
everything  from  IP  routers  to  satellite  networks 
and  phones.  And  in  a  relationship,  there’s 
always  the  dread  phrase, “Sweetie,  we  need  to 
communicate  more.” 

So  what  does  communication  really 
mean?  In  its  broadest  sense,  to  communi¬ 
cate  means  to  generate  images  and  ideas  in 
the  mind  of  another  being  (not  necessarily  a  human  one).  When 
you  say  “biscuit”  and  your  dog  wags  his  tail  and  starts  drooling  — 
you’ve  communicated. 

But  there’s  a  bit  more.The  concept  of  communications  generally 
implies  that  the  intended  message  has  been  received  more  or  less 
accurately. To  twist  the  old  adage,  if  you  post  a  sign  on  a  tree  in  the 
forest,  and  nobody  sees  it  —  you  may  have  expressed  yourself,  but 
you  haven’t  communicated.  Or  if  you  say  “biscuit”  and  your  dog 
runs  to  the  door  with  his  leash  in  his  mouth  —  again,  you  haven’t 
communicated. 

All  great  stuff,  but  why  does  this  matter  to  network  managers?  Simply 
this:  if  you’re  in  the  business  of  crafting  a  communications  strategy  for 
your  organization, you’ll  want  to  be  clear  on  what  that  encompasses. 
Take  the  notion  of  “accurate  receipt  of  communications.”  If  senior 
management  is  expecting  E91 1  capabilities  (any  call  for  help  is  guar¬ 
anteed  to  go  through  to  emergency  services),  and  your  VoIP  system 
doesn’t  have  91 1  support  —  you’ll  need  to  revisit  the  requirements. 


Another  question  in  this  context  is  how  long  communications  ser¬ 
vices  are  expected  to  remain  functional  in  the  event  of  a  power  out¬ 
age.  This  affects  power  and  backup  engineering  for  every  facility 
including  the  data  center  and  all  branch  offices. 

At  a  broader  level,  it’s  important  to  understand  what’s  in  folks’  minds 
when  it  comes  to  a  communications  strategy  What  information  needs 
to  be  available,  to  whom,  and  in  what  timeframe?  Do  remote  users 
need  access  to  interactive  video?  Or  is  data  sufficient?  What  about 
integrated  application  access?  Which  users  need  to  be  presence- 
enabled? 

There’s  also  the  question  of  distance.  It’s  worth  noting  in  this  context 
that  if  you’ve  communicated  enough  information  in  the  right  detail 
across  a  long  distance, you’ve  essentially  made  physical  interactions 
geographically  independent. 

Take  faxes:  The  huge  advantage  to  faxing  a  document  is  the  ability 
to  enable  people  to  sign  documents  remotely  (and  instantaneously). 
Telemedicine  is  another  example:  Doctors  can  remotely  operate  on 
patients.  Or,  more  esoterically,  the  phenomenon  of  quantum  entangle¬ 
ment  may  one  day  make  it  possible  to  teleport  around  the  galaxy  (see 
www.nwdocfinder.com/6434  if  you’re  interested). 

Again,  this  has  a  practical  implication  for  IT  execs.Think  in  terms  of 
communications  technology  to  enable  physical  interactions  to  be 
come  geographically  independent.  Under  what  circumstances  is  phys¬ 
ical  presence  required  today  —  and  how  can  technology  make  that 
requirement  obsolete? 

The  bottom  line?  Sometimes,  it  pays  to  think  about  the  many  mean¬ 
ings  of  an  ordinary  word. 

Johnson  is  president  and  senior  founding  partner  at  Nemertes 
Research ,  an  independent  technology  research  firm.  She  can  be  reached 
at  johna@nemertes.com. 


EYE  ON  THE 

CARRIERS 

Johna  Till  Johnson 
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Securing  virtualized  data  centers 

How  cross-platform  virtual  security  can  accelerate  server  virtualization  benefits 


TECH  UPDATE 

H  An  inside  look  at  technologies  and  standards 


BY  RYAN  MALONE 

While  server  virtualization  increases  operational  efficiencies  and 
management  flexibility  and  reduces  total  cost  of  ownership,  it  can 
also  increase  security  risks. 


According  to  Gartner,  60%  of  virtual 
machines  (VM)  will  be  less  secure  than  their 
physical  counterparts  through  2009.  The  secu¬ 
rity  challenges  include: 

•  IP  address  dependency:  In  a  virtualized  en¬ 
vironment,  IP  addresses  often  change  as  VMs 
are  created,  retired  or  migrated  from  one  phys¬ 
ical  host  to  another,  causing  problems  in  tradi¬ 
tional  protection  mechanisms. 

•  Virtual  machine  sprawl:  VMs  are  easily  ere 
ated  from  previously  existing  images,  often  in¬ 
troducing  a  large  number  of  VMs  that  are  not 
properly  maintained  or  are  based  on  images 
with  known  vulnerabilities.  Successful  attacks 
on  vulnerable  VMs  can  serve  as  a  launch  pad 
to  attack  other  virtual  machines. 

•  Inability  to  monitor  intrahost  traffic:  Server 
virtualization  introduces  the  concept  of  a  “soft 
switch”  to  allow  VMs  to  communicate  with 
each  other  inside  a  single  host.  Special  tools 
are  required  to  monitor  and  protect  these  com¬ 
munications,  and  options  are  limited. 

•  Silo  approach  to  security  policy:  Unfortu¬ 
nately,  many  security  vendors  take  a  silo 
approach  to  security,  recommending  different 
solutions  with  different  management  require¬ 
ments  for  each. 

In  a  recent  interview  with  Network  World, 
Gartner  analyst  Neil  MacDonald  said,  “Most 
security  problems  in  the  virtual  world  will  be 
introduced  through  misadministration,  mis¬ 
management  or  just  plain  old  mistakes.  The 
fact  that  we  use  different  tools  in  the  physical 
world  than  the  virtual  world  compounds  that 
problem.” 

Given  the  challenges  that  must  be  addressed 
to  realize  the  benefits  of  server  virtualization,  a 
new  approach  is  needed, a  cross-platform  solu¬ 
tion  that  can  secure  both  virtual  and  physical 
environments.  Cross-platform  virtual  security 
tools  can  help  organizations  impose  dynamic 


Got  great  ideas? 

■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you’ve 
got  one,  and  want  to  contribute  it  to  a 
future  issue,  contact  Editor  in  Chief 

John  Dix  (jdix@nww.com) 


security  policies  across  data  centers  and  elim¬ 
inate  the  tradeoff  between  the  benefits  of  vir¬ 
tualization  and  maintenance  of  strong  security 

Management  consoles  for  cross-platform  vir¬ 
tual  security  tools  should  be  able  to  be  de¬ 
ployed  anywhere  on  the  network  and  should 
offer  delegated  authority  to  maximize  flexibil¬ 
ity  They  typically  write  detailed  log  data  to  sys- 
log  and  Windows  events  log,  and  that  eases  the 
job  of  integrating  the  tools  with  existing  man¬ 
agement  controls. 

Eliminating  the  IP  address  dependency  of 
security  policy  cross-platform  virtual  security 
ensures  policies  are  enforced  regardless  of  the 
location  or  platform  of  the  machine.  Security 
administrators  can  eliminate  operating  ex¬ 
penses  associated  with  rules  changes.  In  fact, 
policy  is  enforced  and  persistent  in  a  variety  of 
situations,  including: 

•  When  physical  servers  and  endpoints  are 
moved  to  different  locations  on  the  network. 

•  Physical  servers  and  endpoints  are  con¬ 
verted  to  VMs. 

•  VMs  —  live  or  cold  —  migrate  from  one 
physical  host  to  another. 

Cross-platform  virtual  security  places  physi¬ 
cal  machines  and  VMs  into  logical  security 
zones  and  protects  against  VM  sprawl  by  ensur¬ 
ing  rogue  VMs  are  not  members  and  cannot 
communicate  with  security  zones  of  which 
they  are  not  a  member.  In  fact,  they  don’t  even 
see  them.  By  strictly  controlling  access  to  each 
zone,  the  attack  surface  area  for  compromised 
VMs  is  greatly  reduced. 

The  cross-platform  approach  is  typically 
based  on  a  distributed,  peer-to-peer  archi¬ 
tecture  that  allows  scalability  to  hundreds  of 
thousands  of  instances.  Policy  management  is 
completed  en  masse,  updating  some  or  all  end¬ 
point  policies  with  just  a  few  mouse  clicks. 

Other  benefits  include: 

•  Eliminates  the  management  complexities 
caused  by  a  silo  approach  to  data  center  secu¬ 
rity,  protecting  hosts  through  a  single  console. 

•  Satisfies  regulatory  compliance  without  re 
configuring  the  network. 

•  Eliminates  operational  costs  associated 
with  firewalls  and  virtual  LANs. 

•  Leverages  a  distributed  architecture  to 
eliminate  bottlenecks  and  single  points  of 
failure. 

When  evaluating  a  cross-platform  virtual 


security  solution,  consider  these  requirements: 

•  Cross-platform  support  (virtual  and  physi¬ 
cal):  The  ideal  solution  will  support  x86  oper¬ 
ating  systems  common  in  virtualized  environ¬ 
ments  as  well  as  other  common  and  less-com¬ 
mon  architectures,  such  as  Solaris,  ADC,  HP-UX, 
RedHat,  Windows  and  IP-based  non-server 
devices. 

•  Not  dependent  on  IP  addresses:  The  ideal 
solution  should  enforce  security  policy  regard¬ 
less  of  the  IP  address  of  the  computer,  ensuring 
policy  persistence  in  the  event  of  migration  or 
physical  movement. 

•  Isolation  of  VMs  on  the  same  physical  host: 
To  protect  VMs  from  vulnerabilities  introduced 
with  VM  sprawl,  the  ideal  solution  should  be 
capable  of  isolating  VMs  from  other  VMs  on  the 
same  physical  hosts. 

•  Scales  easily:  To  support  growth  without  in¬ 
troducing  bottlenecks, seek  solutions  that  oper¬ 
ate  on  a  distributed  architecture. 

•  Selective  encryption:  Look  for  a  solution 
that  offers  selective  encryption  based  on  pol¬ 
icy,  rather  than  an  all-or-nothing  approach  to 
maximize  performance/protection. 

•  Centralized  management:  To  take  advan¬ 
tage  of  management  efficiencies,  seek  a  solu¬ 
tion  that  provides  a  single  point  of  security 
management. 

•  Host-based  implementation: To  achieve  the 
most  granularity  and  mobility  with  regard  to 
security  policy  seek  a  solution  that  enforces 
policy  at  the  host. 

•  Transparent  to  infrastructure  and  applica¬ 
tions:  To  minimize  deployment  time  and  com¬ 
patibility  issues,  the  ideal  solution  should  be 
transparent  to  the  network  and  applications. 

•  Robust  activity  and  audit  logging:The  ideal 
solution  should  log  detailed  activity  data  and 
create  an  audit  trail  for  servers  and  endpoints 
as  well  as  administration  consoles. 

•  Certificate-based  authentication:  Seek  a 
solution  that  uses  X.509  v3  certificates  to  en¬ 
sure  operator  credentials  cannot  be  spoofed. 

The  operational  and  economic  benefits  of 
server  virtualization  are  undeniable.  Cross-plat- 
form  virtual  security  eliminates  the  trade-off 
between  server  virtualization  benefits  and 
strong  security,  deploying  a  logical  security 
model  that  spans  both  physical  and  virtual 
data  centers  and  remains  persistent  with  VM 
migration.  In  short,  cross-platform  virtual  secu¬ 
rity  enables  organizations  to  fully  embrace  the 
transition  to  server  virtualization  while  simpli¬ 
fying  their  security  policy  enforcement. 

Malone  is  vice  president  of  marketing  and 
business  development  at  Apani.  He  can  be 
reached  at  rrnalone@apani.com. 
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With  the  world’s  data  growing  exponentially,  storage  virtualization  from  IBM  is  a  great 
way  to  gain  control,  improve  flexibility  and  store  your  information  in  a  responsible,  energy- 
efficient  way.  IBM  System  Storage  "  SAN  Volume  Controller  can  reduce  storage  growth  up 
to  20%  and  improve  utilization  by  as  much  as  30%.  Couple  that  with  IBM  Tape  Solutions 
and  you  have  a  truly  comprehensive  plan  to  manage  your  info  over  its  lifecycle.  Some 
companies  have  seen  their  total  cost  of  ownership  reduced  by  as  much  as  40%!  A  greener 
world  starts  with  greener  business.  Greener  business  starts  with  IBM. 
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SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD 
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Get  the  green  storage  whitepaper  at  ibm.com/green/info 
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Green  IT  is  just  good  business 

Yes,  the  energy  savings  are  nice;  buFfor  Deloitte  CIO  Larry 
Quinlan,  green  IT  is  just  part  of  running  an  efficient  IT  shop 


BY  PAUL  DESMOND 
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Senior  Vice 
President  and 
CIO  Michael 
Gorrell  says 
EBSCO  Pub¬ 
lishing  is  exploring  a  variety  of 
green  options,  from  solar,  wind 
and  hydro  to  blades  and  virtu¬ 
alization.  Page  32. 


You're  building  a  new 
data  center  in  Dallas. 
What  are  some  of  the 
green  initiatives 
you're  implement¬ 
ing  there? 

One  is  reducing 


aving  on  energy  costs  is 
obviously  a  good  thing, 
but  to  Larry  Quinlan, 
CIO  at  the  consulting 
firm  Deloitte  LLR  green  IT  sim¬ 
ply  makes  good  business  sense. 
u If  you  run  green  IT  right,  you 
will  end  up  with  a  vastly  superi¬ 
or  IT  organization,”  Quinlan 
said  during  his  keynote  address 
at  the  recent  Network  World  IT 
Roadmap  event  in  Atlanta,  in 
which  he  described  green  IT  as 
one  of  five  technologies  that 
will  change  IT.  From  reducing 
demand  for  IT  resources  to  thin 


laptops,  Quinlan  has  no  short¬ 
age  of  ideas  about  how  to 
make  green  IT  deliver  on  multi¬ 
ple  fronts. 


How  does  green  IT  help  you  create  a  supe¬ 
rior  IT  organization? 

To  run  IT  well,  you  want  streamlined,  effi¬ 
cient,  cost-efficient  operations;  and  green  IT 
gets  you  exactly  that.  Think  about  elements  of 
green  IT,  such  as  server  consolidation.  OK, 
great,  you  save  electricity  But  you  also  save  on 
people,  you  save  on  moving  parts,  on  leasing 
administration;  you  save  on  the  software  that 
goes  on  those  servers,  you  increase  your 
uptime  percentages.  Your  security  posture 
improves  because  of  the  smaller  number  of 


devices  you  have  to  keep  in  compliance.That’s 
just  one  example  of  how  green  IT  will  actually 
make  operations  better. 

Another  aspect  of  green  IT  that  we ’re  looking 
at  is  use  of  printing. Were  moving  from  a  free 
for-all  —  with  everybody  having  personal 
printers,  lots  of  different  kinds,  wasting  paper 
—  to  using  larger,  more  effective  devices  that 
cost  less  per  page.  We’ll  take  the  number  of 
printers  down  significantly  in  some  cases  by 
more  than  100%,  by  centralizing  printers.  One 
aspect  of  it  is  reduced  use  of  electricity  but  it 
also  means  fewer  devices  we  to  have  to  man¬ 
age,  fewer  annoying  phone  calls  about  printers 
out  of  toner,  fewer  people  managing  them,  bet¬ 
ter  output,  better  quality  and  less  downtime. 


“In  some  Gases  you  realize 
a  request  for  10  different 
systems  could  really  be  met 
by  two  systems,”  says 
Deloitte  CIO  Larry  Quinlan. 

“If  vou  can  demonstrate  how 
to  fix  a  process,  maybe  you 
don’t  need  the  system  at  all.” 


You  talked  about  the  need  to  reduce  operat¬ 
ing  costs  and  demand  for  computing 
resources.  How  do  you  reduce  demand? 

The  first  way  we  deal  with  demand  is  by 
actually  understanding  it.  People  ask  for  all 
kinds  of  applications,  which  then  drive  the 
need  for  all  kinds  of  servers  and  system- 
development  efforts.  By  really  understanding 
what  people  are  asking  for,  by  assigning  folks 
to  understand  the  business  and  the  business 
processes,  we  get  a  good  feel  for  what  we 
ought  to  do.  So,  in  some  cases  you  realize  a 
request  for  10  different  systems  could  really 
be  met  by  two  systems.  In  some  cases,  if  you 
can  demonstrate  how  to  fix  a  process,  maybe 
you  don’t  need  the  system  at  all.  If  you  put  in 
place  platforms  that  allow  things  like  collab¬ 
oration,  then  you  move  away  from  one-off 
systems  to  deal  with  each  request,  and 
instead  build  on  top  of  these  platforms.  Don’t 
have  eight  different  CRM  systems;  change  the 
business  process  such  that  you  have  one 
CRM  system.  Those  are  all  techniques  we’re 
using  to  get  across  the  goal  line. 

Other  aspects  of  demand  affect  green 
IT,  such  as  the  demand  for  paper. 

On  some  printers  we’re  making 
duplex  the  default  for  printing. 

Because  people  won’t  bother 
to  change  the  default, you  im¬ 
mediately  decrease  the  de¬ 
mand  for  paper  and  for 
power.  Those  are  some  of 
the  areas  we  look  at. 


power  consumption.  There  are  several  stan¬ 
dards  you  use  to  get  a  building  LEED-certified 
[Leadership  in  Energy  and  Environmental 
Design,  a  Green  Building  Rating  System  devel¬ 
oped  by  the  U.S. Green  Building  Council], and 
we’re  implementing  those  standards.  They 
cover  how  we  deal  with  power,  for  example; 
and  the  concept  of  using  water-cooling  tech¬ 
nology  to  ensure  less  heat  emission  is  some¬ 
thing  that’s  important  to  us.  We  want  to  reduce 
the  number  of  file  servers  from  the  very  begin¬ 
ning  by  at  least  20%  compared  with  existing 
implementations.  We’ll  use  blade  server  tech¬ 
nology  as  opposed  to  normal  servers,  so  it  will 
be  all  blades.  We ’re  reducing  backup  tapes  and 
then  also  dealing  with  data  center  waste  and 
disposal,  partnering  with  companies  that  will 
take  our  e-waste  and  dispose  of  it  appropriately 
or  recycle  it.  That  includes  any  computers  that 
weren’t  leased  or  aren’t  going  back  to  vendors, 
peripherals  and  so  forth. 

The  data  center  was  one  of  four  compo¬ 
nents  of  your  green  IT  initiative,  along 
with  office  computing,  education  and 
awareness,  as  well  as  user  computing. 
Let's  start  with  the  user  computing  initia¬ 
tive  -  what  does  that  entail? 

We’ve  got  a  PDA  recycling  program  where 
we  ask  people  to  bring  in  their  old  PDAs  so 
they  don’t  end  up  in  landfills.  Pretty  soon, 
we’re  going  to  require  that  they  bring  in  their 
old  PDA  to  get  a  new  one.  Virtualization  of 


laptops  is  another  area.  One  of  the  questions 
we’re  asking  ourselves  is,  do  we  have  an 
opportunity  to  virtualize  laptops  and,  by  using 
resources  in  the  data  center,  have  45,000-plus 
laptops  draw  less  power?  Can  we  move  to 
much  thinner  devices?  Because  we’ll  have 
ubiquity  of  communications,  we’ll  always  be 
connected.  So,  can  we  have  devices  that  are 
more  energy  efficient,  while  at  the  same  time 
not  have  to  worry  about  how  to  manage  soft¬ 
ware  and  patching  and  all  of  those  things?  If 
we  can  pull  that  off,  that’d  be  another  perfect 
example  of  green  IT  concepts  resulting  in  a 
more  cost-effective  IT  organization.  But  1  think 
it  will  be  at  least  a  couple  of  years  before  we 
can  convert  laptops  into  just  thin  devices 
accessing  the  network. 

I  understand  you’re  also  looking  at  energy- 
efficient  screen  savers? 

Those  are  relatively  small  things, but  for  45,000 
laptops,  rolling  out  screen  savers  that  turn  the 
monitors  off  will  save  some  power.Another  idea 
is  using  laptop  power  management  software 
that  spins  down  the  screen  and  the  hard  drive. 
There’s  a  big  difference  between  45,000  laptops 
spinning  down  the  drives  after  five  minutes  of 
non-use  as  opposed  to  after  20  minutes. 

What  are  some  of  the  components  of  the 
practice-office  initiative? 

The  move  away  from  personal  printers  to 
more  energy-efficient  devices  with  duplex  print¬ 


ing  is  one  aspect.  Wireless  network  deployment 
is  another.  By  putting  wireless  everywhere,  we 
could  reduce  the  number  of  Ethernet  switches 
in  the  closets  and  reduce  power.  We’re  also 
going  to  reduce  the  amount  of  cable  that  we  run 
into  our  new  locations  and  renovations  by  50%, 
and  that’s  also  where  green  comes  in  —  less 
copper,  less  waste,  less  cabling  that  ends  up  in 
landfills  and  in  buildings. 

Videoconferencing  is  another  one  we’re 
spending  quite  a  bit  of  money  on.We’re  putting 
in  high-definition,  immersive  videoconferenc¬ 
ing.  Some  of  these  rooms  are  large:  They  can 
hold  20  people.  They  really  allow  us  to  bring 
travel  down.  In  addition,  we’re  moving  to  video- 
conferencing  all  the  way  to  the  desktop.  We’re 
putting  in  travel  scorecards  to  track  how  many 
trips  are  being  taken  and  the  travel  metrics. 
We  really  want  to  see  some  reduction  as  a 
result  of  our  videoconferencing  deployments. 

What  about  your  education  and  awareness 
initiatives? 

We’ve  got  Web  sites  going  to  get  the  aware¬ 
ness  messages  out  there.  We  have  a  variety  of 
leadership  meetings  across  the  country  and 
green  IT  is  now  one  of  the  things  we’re  high¬ 
lighting.  We’ll  have  a  booth  there  that  tells  peo¬ 
ple  about  the  various  initiatives. 

What  has  been  the  reaction  so  far  to  some 
of  those  user-facing  initiatives,  like  the  PDA 
recycling?  How  are  people  taking  to  it? 

People  actually  love  this  stuff.  We’ve 
designed  a  program  that  is  palatable  to  every¬ 
one.  The  only  two  that  require  them  to  do  any¬ 
thing  are  the  PDA  recycling  —  and  who’s  going 
to  complain  about  that?  We  gave  you  a  free 
PDA  and  now  we’re  saying,  bring  it  back  so  you 
can  get  a  new  one;  and  oh,  by  the  way  we’re 
going  to  save  the  earth  when  you  do.  The  big 
one  is  getting  people  accustomed  to  duplex 
printing.  But  the  fact  that  we’re  making  it  the 
default  on  many  of  our  devices  just  makes  it 
easy  Once  you  get  over  the  “1  got  to  remember 
to  look  at  the  other  side  of  the  page,”  it 
becomes  OK. 

Our  goal  is  simply  year-by-year  to  improve 
all  of  our  operations.  We’re  going  through 
some  methodologies  now  to  determine  car¬ 
bon  footprints  and  such,  but  we  are  not  going 
to  let  that  drive  us.  We  are  not  going  to  be  in 
the  press  like  others  —  saying,  we  moved 
from  X  carbon  footprint  to  X  and  when  you 
dig  into  the  details  you  find  they  contributed 
$10  million  to  planting  trees  somewhere  to 
do  carbon  offsets.  We’re  not  into  that  game. 
We  truly  want  to  go  through  and  do  all  of 
these  things  [to  conserve  energy], And  as  the 
industry  and  other  research  reveals  other 
areas  where  we  can  conserve,  we  want  to  do 
those  things  as  well.  We’re  much  more  into 
that  than  we’re  into  tree-planting. 

Desmond  is  events  editor  for  Network  World 
and  president  of  PDEdit,  an  IT  publishing  com¬ 
pany  in  Southborough,  Mass.  Reach  him  at 
paul@pdedit.  com. 


Getting  Personal:  Larry  Quinlan 


Title: 

CIO 

Organization: 

Deloitte  LLP 

Responsibilities: 

As  CIO,  he's  responsible  for  all  technology;  in  his  role  as  national 
managing  principal  for  process  excellence,  he’s  responsible  for 
continuous  process  improvement  using  Six  Sigma  and  other 
methodologies. 

Number  of  IT  staff: 

1,300  people  in  the  United  States. 

Education: 

MBA,  Baruch  College,  City  University  of  New  York;  B.S.,  University 
of  the  West  Indies. 

Previous  jobs: 

20  years  with  Deloitte,  starting  as  a  systems  analyst. 

First  PC: 

Tandy  1000,  from  Radio  Shack. 

Home  network: 

Wired  and  wireless  network  with  four  laptops,  two  desktops  and  a 
couple  of  iPhones;  and  an  entertainment  system  that  includes 
music  and  AppleTV.  “I've  digitized  my  entire  music  collection,  over 
500  CDs,  and  using  the  wireless  network,  1  can  now  play  any  song 
anywhere  in  the  house  across  the  network." 

First  internet 
experience: 

Very  slow  dial-up-modem  access  at  home  for  school  research. 

Words  to  live  by: 

“Two  things:  First,  1  tell  people,  you’ve  got  to  be  known  for  some¬ 
thing  —  some  specialty,  something  that  people  can  rely  on  you  for. 
The  second  thing  1  always  say  is,  you’ve  got  to  help  people.  In  many 
cases,  if  you’re  honest  with  yourself  and  you  look  back  at  your 
career,  you'll  find  that  you  succeeded  because  somebody  helped 
you.  So,  it’s  part  of  our  job  as  leaders:  You’ve  got  to  help  people.” 
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Go  green  and  lower  operational  costs  by  adapting  to  the  way  people  actually  want  to  work. 
How?  With  IBM  collaboration  software  and  services.  It’s  truly  col  aborative  technology  that 
connects  people  faster,  wherever  they  are  in  your  company  or  ir  the  world,  which  means 
less  commuting,  less  jet  fuel,  less  energy,  less  money.  And  IBM^oftware  gives  you  advanced 
deduplication  and  data  compression  features,  lowering  the  energy  and  space  costs  of  your 
collaboration  infrastructure  by  as  much  as  half.  A  greener  world  starts  with  greener  business. 
Greener  business  starts  with  IBM. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

See  the  green  demo  at  ibm.com/green/collaboration 
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I8M.  the  IBM  logo  and  tbm.com  are  trademarks  of  International  Business  Machines  Corporation,  registered  in  many  jurisdictions  worldwide.  A  current  list 
Web  at  "Copyright  and  trademark  information"  at  www.ibm.com/legal/copytrade.shtml.  ©  2008  IBM  Corporation.  All  rights  reserved. 


Making  a  power  play 


EBSCO  Publishing  is  exploring  all  avenues  that  lead  to  green  —  from  solar,  wind 
and  hydro  to  blades,  virtualization  and  effective  data  center  design 


BY  PAUL  DESMOND 

BSCOhost  is  a  fee-based 
research  service  that  pro¬ 
vides  libraries  in  North 
America  access  to  more 
than  20  million  articles  from 
20,000-plus  journals  and  maga¬ 
zines,  all  driven  from  two  data 
centers  in  Ipswich,  Mass.  The 
data  centers  are  owned  and 
operated  by  EBSCO  Publishing, 
the  second-largest  business  unit 
of  EBSCO  Industries,  which  is 
one  of  the  largest  privately  held 
firms  in  the  Fortune  500.  Michael 
Gorrell,  senior  vice  president  and 
CIO  at  EBSCO  Publishing, 
explains  that  green  IT  principles 
are  fundamental  to  helping  the 
company  keep  up  with  sales 
growth  averaging  26%  per  year 
for  the  last  three  years ,  and  200% 
annual  storage  growth  without 
equivalent  growth  in  computing 
and  data  center  infrastructure. 

Gan  you  give  me  a  sense  of  what  your  data 
centers  look  like? 

We  have  400  servers  combined,  and  the  data 
centers  are  about  8,000  square  feet  combined. 
We  use  APC  power  structure  racking  systems, 
which  have  integrated  UPS,  as  well  as  all  the 
cabinetry  wiring  infrastructure  and  so  forth. 
Both  data  centers  are  supported  by  multiple 
generators  in  a  series,  so  if  one  generator  fails, 
there’s  another  to  support  it  in  backup  mode. 
All  EBSCO  Publishing’s  revenue  comes  from 
our  EBSCOhost  service.  It’s  used  worldwide, 
available  24/7,  with  zero  downtime  and  zero 
maintenance  windows. 

What  is  driving  your  green  IT  initiatives? 

We’re  good  business  people,  and  when  you 
spend  less  on  energy, you  spend  less  altogether, 
so  that’s  good.  And  when  you  spend  less  on 
floor  space,  you  have  to  build  fewer  buildings. 
We  own  our  buildings,  so  that  makes  good 


business  sense. We’re  also  very  committed  envi¬ 
ronmentally  We’ve  done  some  things  that  are 
environmentally  proactive  but  not  necessarily 
financially  attractive.  We  installed  solar  panels 
on  our  roofs,  and  because  of  the  area  of  the 
country  that  we’re  in,  they  don’t  have  the  kind 
of  payback  that  we’d  normally  like  to  see  in  a 
business  opportunity  but  we  felt  it  was  the  right 
thing  to  do.  We  just  got  an  award  in  May  from 
the  [Environmental  Protection  Agency],  a 
commendation  for  our  efforts  in  the  environ¬ 
mental  arena.  Our  market  is  librarians  and 
libraries  and  academic  institutions,  so  doing 
things  for  the  greater  good  is  something  that 
we’re  very  much  in  tune  with. 

To  what  extent  was  your  rather  impressive 
growth  driving  some  of  these  initiatives? 

When  you  start  adding  servers  based  on  the 
growth  that  we’re  seeing,  especially  when  you 
add  more  and  more  disk  storage  that  is  dispro¬ 
portionately  big,  [you  can  quickly]  run  out  of 
floor  space.  And  not  only  floor  space,  but  cer¬ 
tain  power  panels  can’t  feed  any  more  elec¬ 
tricity  and  HVAC  units  can’t  blow  any  more 
BTUs’  worth  of  cooling.  As  we  continue  to  grow, 
we  could  see  that  if  we  didn’t  do  something  dif¬ 


ferent,  we’d  be  faced  with  building  another 
data  center  sooner  than  we  wanted  to.  If  you 
cut  back  on  the  amount  of  space  you’re  using 
by  going  with  smaller  blade  servers;  and  do  vir¬ 
tualization  so  you  can  remove  servers  alto¬ 
gether, you  get  better  cooling  ratios  in  your  data 
center  per  square  foot  and  you  save  money  on 
power.  It’s  all  kind  of  win,  win,  win. 

What  are  some  of  the  green  power  initia¬ 
tives  you’ve  already  put  in  place? 

On  the  roofs  of  two  of  our  three  buildings  we 
installed  solar  panels.  Those  are  fed  right  into 
our  power  system  and  power  about  20%  of  one 
building.That’s  not  necessarily  allocated  specif¬ 
ically  to  IT  or  the  computing  infrastructure,  but 
we  do  use  the  electricity.  And  our  data  centers 
use  about  70%  of  all  the  electricity  in  our  facil¬ 
ity  which  comes  to  about  $800,000  per  year. 

We  also  have  outfitted  the  entire  facility  with 
motion-detection  lights.  Lighting  is  one  of  the 
other  big  costs  in  our  facility  So,  when  people 
go  home  at  night,  the  lights  go  out  automati¬ 
cally  When  they  come  in  the  morning,  the 
lights  come  on  because  the  system  detects 
motion.You  can’t  get  much  more  efficient  than 
that.  We  also  installed  in  one  of  the  buildings 
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Getting  Personal:  Michael  Gorrell 


Title: 

Senior  vice  president  and  CIO 

Organization: 

EBSCO  Publishing 

Responsibilities: 

All  technology  within  EBSCO  Publishing. 

Annual  IT  budget: 

More  than  $20  million,  including  salaries. 

Number  of  IT  staff: 

185 

Education: 

B.S.,  mechanical  engineering,  University  of  Massachusetts. 
Graduate  work  at  Worcester  Polytechnic  Institute. 

Previous  jobs: 

Worked  as  a  manager  in  the  product  assurance  group  of 
Raytheon’s  missile  systems  division.  Started  at  EBSCO  14  years 
ago  as  a  product  manager  in  charge  of  running  EBSCOhost,  which 
was  just  being  built:  "System  manager  would’ve  been  a  better 
title." 

First  PC: 

“TandyTRS  180, 1  think.The  first  computer  1  fell  in  love  with  was 
the  Macintosh,  back  in  college.” 

Home  network: 

A  wireless  network  with  four  Macs  connected  to  the  Internet  via 
Verizon  FiOS  service. 

First  Internet 
experience: 

“When  1  joined  EBSCO,  1  got  an  account  onThe  World  — 
world.std.com.  So,  1  got  to  know  gopher  and  all  the  newsgroups 
and  stuff  like  that." 

—  and  in  this  fiscal  year  plan  to  install  in  the 
second  and  third  building  —  a  building  man¬ 
agement  system  that  allows  us  to  tune  the  tem¬ 
perature  based  on  a  schedule,  either  time-of- 
year  or  time-of-day  ambient  temperature.  In  the 
data  centers,  we  also  incorporate  ambient  air 
to  augment  the  cooling,  which  is  especially 
helpful  during  the  winter  months.  When  it’s 
cold  outside,  we  can  pump  cold  air  from  the 
outside  in,  and  it  saves  us  from  firing  up  our 
HVAC  units,  compressors  and  all  that. 

What  are  some  of  the  power  initiatives 
you're  looking  at9 

We’ve  looked  at  wind  turbines.  We  have  a 
parking  garage  in  our  campus  and  have  plans 
to  install  two  wind  turbines  on  the  upper  deck 
of  the  garage.  We’re  also  looking  at  something 
called  an  Archimedes  Screw.  We ’re  right  on  the 
Ipswich  River,  and  there’s  a  tidal  waterfall 
where  the  river  meets  Ipswich  Bay  So,  we’re 
thinking  of  putting  an  Archimedes-type  screw, 
which  is  a  hydroelectrical  generation  unit,  to 
generate  power  from  the  river.  The  payback  on 
that  is  not  too  bad,  about  four  to  five  years, 
which  is  better  than  solar  panels  —  they’re 
about  eight  years.  And  then  we’re  also  looking 
at  CHP  [combined  heat  and  power,  or  co-gen- 
eration] ,  which  is  essentially  burning  natural 
materials  for  fuel  instead  of  burning  oil.  The 
payback  on  that  is  really  good. The  issue  for  us 
being  able  to  do  it  is  our  physical  location.You 
need  to  bring  in  wood  chips,  basically,  and 
we’re  not  sure  we  have  the  physical  space  to 
do  that.  We  also  have  all  the  permits  and  such 
to  get  through.  So,  we’re  not  sure  we  can  do 
that,  but  we’re  definitely  looking  at  it. 

Isn’t  it  kind  of  a  different  calculation  from 
a  traditional  ROI  calculation  because  you 
get  the  savings  forever,  or  for  the  life  of 
the  solar  panels  or  hydro  screw? 

Yes,  you  have  to  factor  that  in.  If  energy  costs 
triple,  then  that  increases  the  payback  for  sure. 
And  the  length  of  the  savings,  too,  is  something 
that’s  also  part  of  the  calculation;  but  the  first 
thing  we  look  at  is  the  initial  payback. 

What  about  inside  the  data  center  -  can 
you  talk  more  about  how  blades  factor  in  to 
your  green  initiative? 

For  blades,  the  benefit  there  is  smaller  foot¬ 
print,  higher  density  so  it  saves  on  some  square 
footage  but  it  also  consumes  less  power  and 
generates  less  heat.  Just  generally,  if  you  did 
processor-for-processor,  blades  vs.  the  other 
units,  blades  are  cheaper  to  run.  We’re  proba¬ 
bly  60%  blades  now. 

The  other  thing  we’re  doing  that’s  similar,  but 
with  an  interesting  different  dynamic,  is  virtual- 
ization.As  we  approach  virtualization, the  basic 
idea  is,  instead  of  having  three  physical 
machines  that  aren’t  heavily  loaded,  you  have 
one  physical  machine  that  is  heavily  loaded 
but  has  three  virtual  machines  inside.  If  you  just 
use  that  3:1  or  10:1  —  there  are  different  ratios 
you  can  use  depending  on  the  server  workload 

—  if  you  break  that  down,  it’s  easy  to  see  how 
you  save  energy  and  HVAC.  Basically  for  every 


three  machines,  you  remove  two  of  them.  So 
boom,  there’s  savings  there.  We  tend  to  lease 
our  servers  and  so,  for  all  the  server  leases  that 
are  up  this  fiscal  year  —  the  12  months  starting 
in  July  —  we’re  not  going  to  replace  two-thirds 
of  them.  So,  that’s  67%  fewer  physical 
machines  in  our  data  center,  and  the  energy 
savings  are  directly  proportional  to  that. 

How  far  along  is  your  virtualization  effort? 

It’s  in  the  early  stages,  but  we’re  about  to  ramp 
up  over  the  next  four  months.  By  the  time  we 
get  done  with  this  fiscal  year,  we’ll  be  about 
80%  as  virtualized  as  we’re  going  to  be.  So, 
going  from  zero  to  60  in  one  fiscal  year. 

Another  thing  we’re  doing  inside  the  data 
center  that  relates  to  green  initiatives  is  we’re 
leveraging  snap  mirror  and  deduplication 
technology  from  Network  Appliance. 

How  does  that  relate  to  green? 

The  basic  gist  of  deduplication  is,  it  looks  at  a 
block  level;  and  if  it  sees  the  same  pattern  in  a 
block.it  won’t  store  that,  even  if  that  block  may 
belong  to  a  different  file.  So,  you  can  get  a 
reduction  in  the  amount  of  storage  you  use 
and  on  the  disk  itself.  We’re  just  beginning  to 
explore  that,  and  we  think  that’ll  be  pretty  big 
in,  for  example,  our  Microsoft  Exchange  Server 
environment.You  can  imagine  in  a  company  of 
800  people,  where  e-mail  is  the  biggest  appli¬ 
cation,  when  people  share  files,  the  same  file 
goes  to  10,20,50  people.  Instead  of  having  that 
file  stored  50  times  inside  50  different  mail¬ 
boxes,  it’s  stored  once,  and  49  other  mailboxes 
just  refer  to  the  same  block  on  the  disk.  We’re 
interested  to  see  how  that  can  help  us. 

So  the  basic  idea  is  less  storage  and  then 
less  power? 


Exactly 

Can  you  talk  about  the  hot  aisle/cold  aisle 
design  that  you  use  in  your  data  centers? 

We  moved  into  the  third  building  about  two 
and  a  half  years  ago, and  one  of  the  reasons  was 
we  needed  more  data  center  space.  When  we 
did  that,  we  had  the  ability  to  design  the  data 
center  from  scratch.  So,  one  of  the  things  we 
did  was  to  design  it  with  a  hot  aisle/cold  aisle 
design,  which  is,  according  to  the  data  center 
experts,  the  most  efficient  way  to  design  your 
data  center.  Computers  are  all  designed  to  suck 
air  in  the  front  and  blow  it  out  the  back.  So, you 
set  up  aisles  of  racks  facing  each  other,  with  a 
space  in  between,  and  blow  the  cold  air  com¬ 
ing  from  air-conditioning  units  into  that  aisle. 
So,  the  backs  of  our  racks  face  each  other  and 
the  fronts  face  each  other.  That’s  how  you 
design  a  cold  aisle/hot  aisle.  Having  cold  air 
flow  over  computers  is  more  efficient  than  hav¬ 
ing  warm  air  or  mid-level  air. 

So,  it  reduces  the  load  on  your  HVAC? 

Right.  And  it  allows  you  to  get  more  com¬ 
puters  into  that  same  space. 

In  your  recent  presentation  at  Network 
World's  IT  Roadmap  event  in  Boston,  you 
said  you’re  predicting  a  15%  reduction  in 
the  energy  consumed  by  data  centers  in 
2008.  Does  that  still  hold? 

That’s  conservative.  1  think  we’re  going  to 
get  higher  than  15%,  based  on  the  projections 
we  have  now.  Mostly  it’s  the  virtualization 
that’s  going  to  get  us  there. 

Desmond  is  events  editor  for  Network  W brid  and 
president  ofPDEdit,  an  IT  publishing  company  in 
Southborough,  Mass.  Reach  him  at  paul@pdedit.  com. 
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Today,  datacenters  consume  up  to  30  times  more  energy  per  square  foot  than  a  typical 
office.  Energy  costs  eat  30%-40%  of  operational  budgets.  And  energy  usage  is  expected  to 
double  in  five  years.  Is  there  an  answer?  There  is:  green  datacenter  and  IT  services  from 
IBM  that  help  you  implement  energy  conservation  policies  in  your  datacenter  and  measure, 
manage  and  report  on  real  results  against  those  plans.  Many  IBM  customers  have  doubled 
their  IT  capacity  while  others  have  reduced  energy  costs  by  40%  or  more.  A  greener  world 
starts  with  greener  business.  Greener  business  starts  with  IBM. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

Take  the  first  step  toward  a  greener  datacenter  at  ibm.com/green/services 
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Reader  feedback 

Last  week  I  discussed  the  SliTaz  Linux  distro 
and  the  use  of  QEMU  to  launch  a  virtual 
machine  on  Windows  in  which  SliTaz  or 
pretty  much  any  other  operating  system  can 
run.  As  always, your  feedback  didn’t  disappoint. 

Reader  Art  Gibbens  wrote, “Thanx  so  much  for 
the  tip  on  QEMU.  1  also  stuffed  both  a  Knoppix 
and  PCLinuxOS  [ISO  files]  in  the  folder  (sepa¬ 
rately  —  of  course)  and  they  both  came  to  life.  I 
had  to  tweak  screen  resolution  in  Knoppix  and  the  login  doesn’t  work 
in  PCLinux,  which  I  would  think  could  both  be  rectified.  Keep  up  the 
good  work!” 

That’s  one  of  the  interesting  things  about  the  various  Linux  distros: 
many  have  terrific  features,  but  they  also  come  with  problems  and  flaws 
that  require  further  development  or  workarounds. 

Reader  Rex  Buddenberg  took  a  longer  look  at  SliTaz  and  noted  that,  as 
it  uses  the  Linux  2.6  kernel,  it  is  pretty  remarkable  that  it  fits  on  16MB. 
Buddenberg  also  noted  that  SliTaz  “uses  Xvesa,  not  Xorg.  Xvesa  is  OK  if 
you  have  a  1024x768  (or  600x800)  screen,  but  if  you  have  a  larger  screen 
[Xvesa]  won’t  use  it  effectively  Xvesa  is  pretty  old  and  not  maintained. 
Puppy  ships  with  both;  user  chooses.” 

Allow  the  XFree86  Project,  home  of  Xvesa,  to  translate:  “Xvesa  is  a 
generic  [free, open  source]  X  server  for  Linux  on  the  x86  platform. Xvesa 
doesn’t  know  about  any  particular  hardware,  and  sets  the  video  mode 
by  running  the  video  BIOS  in  VM86  mode.  Xvesa  can  use  both  standard 
VGA  BIOS  modes  and  any  modes  advertised  by  a  VESA  BIOS  if  avail¬ 
able.”  XFree86  goes  on  to  note  that  “Xvesa  runs  untrusted  code  with  full 
privileges,  and  is  therefore  a  fairly  insecure  X  server.  The  Xvesa  server 
should  only  be  used  in  trusted  environments.”  (Xorg,  another  free  open 
source  project,  implements  essentially  the  same  service  as  Xvesa  but 


and  Linux  distros 

supports  higher  screen  resolutions  and  is  more  secure.) 

The  Puppy  Buddenberg  referred  to  is  a  popular  Linux  distro  that  re¬ 
cently  attracted  attention  for  its  stability,  features  and  ease  of  use,  but 
given  the  project’s  commander  in  chief,  Barry  Kauler,  has  just  an¬ 
nounced  he  will  soon  “retire”,  the  future  of  the  distro  is  uncertain. 

Buddenberg  also  noted  that  in  SliTaz “gFTP  doesn’t  work  ...freezes  on 
connection  and  spawns  multiple  ssh  client  processes.  Mystifying."  GFTP 
is  “a  free  multithreaded  file  transfer  client”  and  it’s  nonoperation  is, 
indeed,  odd. 

Buddenberg  continued:  “SliTaz  has  no  Wi-Fi  support  that  I  could  find 
(Puppy  has  a  config  routine  that’s  nearly  idiot-proof),  no  man  files  and 
the  doc  is  en  Francais.  My  French  is  ...  ahem,  a  bit  rusty’ 

No  man  files  (the  *nix  documentation  utility)  isn’t  a  show  stopper  as 
you  can  find  all  documentation  you  need  online,  but  SliTaz’s  focus  on 
supporting  French  is  indeed  tricky  if  your  French  isn’t  up  to  snuff. 

Buddenberg  also  said  SliTaz  has  a  bunch  of  annoying  immature  qual¬ 
ities  but  notes  none  of  them  are  killers.Two  examples:  incomplete  inte¬ 
gration  for  handling  PDF  files  (the  “file  manager  attempts  to  call  xpdf  [a 
basic  PDF  viewer]  when  [you]  double-click  a  .pdf  file”;  and  it  oddly 
offers  “three  text  editors  in  two  different  places  [but]  no  real  word 
processor.” 

He,  concluded:  “In  general  [SliTaz]  seems  much  less  mature  than 
Puppy  Lots  of  incompletes  ...  I’m  not  switching.” 

1  prefer  Ubuntu,  which  is  very  stable, has  no“rough  edges,” and  both  the 
desktop  and  server  editions  are  nicely  engineered. 

What  I’d  like  to  hear  from  you:  Are  you  using  Linux  distros  and  if  so 
which  ones  and  for  what?  And  which  distros  do  you  dislike  or  don’t  trust? 

Gibbs  finds  there  are  too  many  operating  systems  and  not  enough  time 
in  Ventura,  Calif.  Tell  him  where  your  time  goes  at  gearhead@gibbs.com. 


GEAR HEAD 

Mark  Gibbs 
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Netflix  box  rocks,  but  where’s  the  content? 


COOLTOOLS 


The  scoop:  Netflix  Player  by  Roku,  about  $100. 
What  it  is:  A  very  small  set-top  box  that  con¬ 
nects  to  a  TV  and  home  broadband  network,  via 
Ethernet  or  Wi-Fi,  the  Netflix  Player  by  Roku 
offers  Netflix  subscribers  the  chance  to  watch 
movies  or  TV  shows  offered  by  Netflix  through 
the  TV  instead  of  having  to  wait  for  DVDs  deliv- 
ered  in  the  mail.  It’s  an  extension  of  the  service’s 
watch-on-a-PC  offering,  but  now  you  can  watch  on 
aTVThe  box  includes  several  video  outputs,  including  composite,  com¬ 
ponent  and  HDM1.  After  connected,  users  can  build  an  “Instant  Queue” 
of  content  at  the  Netflix  Web  site,  and  then  watch  the  shows  on  the  TV 
Why  it’s  cool:  If  your  Netflix  DVDs  are  collecting  dust  on  the  top  of 
your  entertainment  center,  having  the  ability  to  watch  movies  instantly 
over  broadband  might  be  more  appealing  than  returning  a  DVD  and 
waiting  for  it  in  the  mail. The  box  was  extremely  easy  to  set  up,  and  the 
small  size  of  the  box  made  it  unobtrusive  in  our 
living  room.  Kudos  to  Roku  for  designing  an  easy- 
to-use  remote  control  that  allowed  for  quick  setup, 
even  with  WPA2  password  input  to  get  onto  my 
secure  wireless  network.  Another  nice  touch  — 

Netflix  subscribers  don’t  need  to  pay  additional 
fees  in  order  to  use  the  instant  viewing  feature. 

In  testing  the  box,  we  experienced  no  latency 
with  the  streaming,  once  the  content  buffered  ini¬ 
tially  (and  when  we  tried  to  jump  forward  or  re¬ 
wind),  it  was  like  watching  a  video  on  our  DVR. 

While  we  didn’t  get  the  same  video  quality  as  we 
would  have  on  a  DVD,  it  was  still  good  quality 
The  big  selling  point  for  the  box  is  the  ability  to 
watch  entire  television  seasons  instantly,  rather 


than  picking  and  choosing  individual  DVDs  and  then  waiting.  If  you 
want  to  watch  episodes  1  and  then  12  of  “30  Rock,”  for  example, you  can 
do  that  instead  of  watching  Disc  1,  returning  it  and  then  waiting  for  Disc 
3  to  arrive. 

Some  caveats:  A  big  caveat  at  the  moment  —  content  available  for  in¬ 
stant  viewing  pales  to  Netflix’s  DVD  options.  While  the  company  claims 
to  offer  more  than  12,000  instant  movies  and  TV  episodes,  most  of  the 
content  is  older  movies  and  shows  that  you’d  probably  not  watch  any¬ 
way  (really  does  anyone  want  to  watch  the  third  season  of  “Gimme  a 
Break!”?).  Browsing  through  the  instant  viewing  choices  was  like  going 
through  the  $2  DVD  discount  bin  at  the  pharmacy  Another  difference  is 
the  lack  of  “bonus  content”  that  comes  with  DVDs,  such  as  director  com¬ 
mentaries  and  bloopers. 

But  Netflix  isn’t  alone  in  this  dearth  of  content.  Competitors,  including 
Apple,  Amazon  and  other  movie  download  services  are  having  the 
same  problem  convincing  content  creators  (movie  and  TV  studios)  to 

provide  updated  content  (or  even  good 
movies). While  it’s  cool  to  have  a  lot  of  con¬ 
tent  available,  Netflix  subscribers  will  still 
appreciate  being  able  to  get  their  DVDs 
delivered  to  them. 

Bottom  line:  The  box  is  more  like  a  com¬ 
plement  to  Netflix’s  DVD  service  than  of  a  re¬ 
placement.  If  the  company  can  get  more  up¬ 
dated  and  relevant  content  (especially 
newer  movie  releases  and  more  TV  epi¬ 
sodes),  then  the  value  of  the  box  increases. 

Grade:  ★★★★  (out  of  five)  for  the  box;^Hr 
for  Netflix’s  instant-  viewing  content. 


Roku  lets  you  watch  Netflix  through 
your  TV  rather  than  DVD  player. 


Shaw  can  be  reached  at  kshaw@nww.com. 
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NATION  FRAUD?  ‘'CGrtification  fraud  is  any  act, 
;  intended  to  help  an  exam  candidate  pass  a  cert  I  - 
ds  that  violate  vendor  security  policies." 
etrated  by  certification  candidates  and  corrupt  test 
II  as  by  the  individuals  and  organizations  that  post 
naterials  on  the  Web. 


BY  UNDA  MliSTHALER 


For  the  first  time  ever,  companies  that  devel¬ 
op  and  administer  IT  certification  exams  are 
working  together  to  combat  a  problem  that  has 
largely  been  swept  under  the  rug  for  years:  cer¬ 
tification  fraud. 

A  group  of  IT  hardware  and  software  ven¬ 
dors,  independent  certifying  agencies,  test  cen- 
others  have  formed  the  IT  Certification 
Council  (ITCC).The  goal  is  to  share  knowledge 
resources  to  combat  and  prevent  fraud, 
which  is  threatening  to  undermine  the  value  of 
IT  certification. 

ITCC  Chairman  Bill  Horzempa,  who  is  also 
director  of  Global  Certification  and  Partner 
Education  Development  for  HP  says,  “Most  of 
the  members  of  this  council  have  talked  pri¬ 
vately  with  one  another  about  the  cheating 
problem.  We  realized  that  this  isn’t  just  an  HP 
problem,  or  a  Cisco  or  Microsoft  problem. 
Certification  cheating  affects  the  vendors,  yes, 
but  it  also  hurts  individual  IT  professionals  and 
the  companies  that  employ  or  contract  them. 
In  effect,  cheating  creates  a  loss  of  confidence 
in  the  ability  of  the  IT  profession  to  solve  busi¬ 
ness  problems.” 

Chuck  Cooper,  ITCC  vice  chairman  and  pro¬ 
gram  director,  IBM  Certification  Programs  Skills 
Enablement,  Systems  and  Technology  Group, 
calls  certification  fraud  “an  annoying  pain  that 
always  seems  to  be  there.  It’s  a  cloud  hanging 
over  us.  It  doesn’t  go  away  on  its  own.” 

Indeed,  IT  certification  fraud  has  been 
around  for  years.  However,  new  techniques  for 
analyzing  test  scores  are  making  it  easier  to 
evaluate  the  scope  of  the  problem.  For  exam¬ 
ple,  test  security  company  Caveon  estimates 
that  15%  to  25%  of  IT  certification  exams  show 
some  aberration, which  can  be  an  indication  of 
cheating. 

Ignoring  the  problem  has  only  allowed  it  to 
get  worse.  All  one  has  to  do  is  Google  the  term 
“MCSE  study  aids”  and  thousands  of  sites  pop 
up  where  a  student  can  purchase  test  prepa¬ 
ration  materials  —  most  of  which  are  not 
authorized  or  recommended  by  Microsoft,  the 
owner  of  the  Microsoft  Certified  Systems 
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Engineer  certification. 

Though  the  documents  are  marketed  as 
study  materials,  the  information  often  con¬ 
sists  of  stolen  test  questions  and  answers.  Of 
course,  Microsoft  isn’t  the  only  company 
whose  materials  have  been  compromised. 
Content  for  virtually  any  IT  certification  exam 
can  be  found  online. 

The  impact  of  certification  fraud 

Certification  cheating  has  ramifications  for 
everyone,  including  the  individuals  who  pur¬ 
sue  certification,  the  employers  who  hire  them, 
the  companies  that  contract  for  IT  solutions 
and  services,  the  IT  vendors  who  manufacture 
and  sell  IT  products  and  solutions,  the  certify¬ 
ing  companies  and  agencies,  and  more  broad¬ 
ly,  the  general  public. 

Individuals  who  cheat  are  taking  a  risk  with 
their  careers.  If  students  are  found  to  be  cheat¬ 
ing,  they  can  face  a  range  of  consequences, 
such  as  negation  of  their  test  results,  loss  or 
denial  of  certifications,  banishment  from  a  cer¬ 
tification  program,  or  notification  to  an  employ¬ 
er.  Each  certifying  agency  sets  its  own  security 
policy  which  should  be  understood  before  a 
candidate  undergoes  the  certification  process. 

Employers  also  suffer  when  individuals  cheat 
on  certification  and  are  not  truly  qualified  for  a 
job.“If  employers  aren’t  getting  quality  work  out 
of  their  employees,  they  are  being  defrauded,” 
says  Taylor  Ripley,  CSO,  CertGuard.  “Employers 
need  to  know  they  are  getting  what  they  ask  for!’ 

Smaller  companies  that  don’t  have  a  human 
resources  department  to  help  weed  out  people 
who  can’t  do  a  job  are  most  likely  to  suffer 
damage  from  certification  fraud,  Ripley  says. 
“These  companies  are  forced  to  rely  on  certifi¬ 
cations  to  judge  a  person’s  qualifications.  A 
small  company  could  lose  money  or  business 
if  an  unqualified  person  screws  up,”  he  says. 

But  sometimes  it  is  employers  who  encourage 
employees  to  get  certified  using  any  means 
necessary  For  example,  a  systems  integrator  or 
value-added  reseller  (VAR)  might  want  to  get 


back  in-house  because  the  people  assigned  to 
the  contract  simply  weren’t  qualified  .“The  con¬ 
tract  specified  a  requirement  for  specific  kinds 
of  certified  professionals,  so  the  people  went 
out  and  purchased  a  credential,”  Gregory  says. 
In  the  end,  the  work  was  below  standards  set  in 
the  outsourcing  agreement. 

Vendors  such  as  Microsoft  and  Cisco,  and 
third-party  agencies,  such  as  the  Computing 
Technology  Industry  Association  and  the 
Storage  Networking  Industry  Association,  that 
sponsor  certification  programs,  lose  both 
money  and  intellectual  property  when  even 
one  exam  is  compromised.  It  can  cost  hun¬ 
dreds  of  thousands  of  dollars  and  take  numer¬ 
ous  subject  matter  experts  three  to  six  months 
to  develop  a  certification  test. 

“We  hear  from  candidates  that  some  of  our 
tests  are  readily  available,”  IBM’s  Cooper  says. 
“It’s  a  compromise  of  our  [intellectual  prop¬ 
erty]  .  Our  internal  sponsors  wonder  about  the 
validity  of  the  tests.They  typically  don’t  need  to 
rewrite  the  tests,  but  they  need  forensics  to 
understand  the  impact  to  the  test  scores. 
Nevertheless,  the  perception  is  that  damage 
has  been  done.” 

Fraud  and  the  countermeasures 

To  develop  measures  to  combat  fraud,  the 
certifying  agencies  need  to  understand  how 
cheaters  operate.  Here  are  some  of  the  tech¬ 
niques  that  have  been  identified  and  what 
authorities  are  doing  to  thwart  the  fraud. 

One  of  the  oldest  tricks  in  the  book  is  to  get 
someone  else  to  take  the  test  in  place  of  the 
real  candidate.  Called  a  proxy  test  taker,  a  per¬ 
son  goes  to  a  test  center  and  takes  an  exam 
registered  as  someone  else.  A  few  “entrepre¬ 
neurs”  have  even  turned  this  technique  into  a 
business. 

“Recently  we  found  that  our  certifications, 
along  with  other  IT  certs,  were  being  sold  on 
the  Internet  via  a  proxy  test  taking  service,” says 
Citrix  Systems’ Julieann  Scalisi.“Caveon,as  part 
of  our  new  Web  patrol  service,  took  the  action 


exploring  the  use  of  biometrics  such  as  finger¬ 
prints  to  determine  if  one  person  is  taking  tests 
under  numerous  names. 

Erik  Ullanderson,  manager  of  Global  Cert¬ 
ifications  for  Learning  at  Cisco,  is  happy  to 
share  his  antifraud  techniques  with  his  col¬ 
leagues  on  the  IT  Certification  Council.  “Our 
efforts  in  curtailing  fraud  are  not  a  Cisco-only 
value-add,”  Ullanderson  says.  “We  think  other 
companies  should  be  jumping  on  the  invest¬ 
ments  that  Cisco  and  Pearson  VUE  have  made.” 
The  ITCC  is  looking  at  how  it  can  utilize  this 
and  similar  programs  worldwide  in  light  of  pri¬ 
vacy  concerns  in  various  countries. 

Another  common  cheating  technique  is  to 
have  the  test  items  and  answers  in  advance. 
Such  information  is  often  posted  to  certifica¬ 
tion  forums,  blogs  or  brain  dump  sites,  giving  a 
candidate  the  opportunity  to  memorize  rather 
than  actually  learn  the  subject  matter.  “We 
know  that  exam  content  can  be  found  on  dif¬ 
ferent  Web  sites  for  a  fee”Scalisi  says.“Content 
and  answers  also  can  be  found  within  blogs 
and  discussion  forums  that  are  usually  in¬ 
tended  to  help  others  answer  difficult  exam 
items,  sometimes  providing  hints  but  often 
times  providing  actual  answers.” 

More  blatant  are  the  Web  sites  that  sell  hun¬ 
dreds  of  actual  exams,  marketing  them  as  study 
aids.  “Certification  candidates  need  to  know 
that  certifying  agencies  never  provide  their 
exams  or  other  preparation  materials  to  these 
brain  dump  sites,”  HP’s  Horzempa  says.“Most  of 
what  is  posted  has  been  obtained  through  ille¬ 
gal  means.”  Brain  dumps  are  often  in  violation 
of  the  laws  protecting  copyrighted  intellectual 
property 

Targeting  the  consumer 

This  begs  the  question:  Why  don’t  authorities 
shut  down  the  brain  dump  sites?  Because  it’s 
not  as  easy  as  it  seems. 

“In  the  late  1990s,  the  Digital  Millennium 
Copyright  Act  gave  software  companies  and 
testing  centers  the  ability  to  go  after  unautho- 


WHAT  HAPPENS  IF  YOU  GET  CAUGHT  CHEATING?  Negator  REQUIREMENTS)  RETAKE 

niat  of  a  certification  for  a  period  of  time  SNABiLITYTO  REGISTER  FOR  EXAMS  FOR  A  PERIOD  OF  TIME  Loss  of 
existing  certifications  or  benefits  from  a  vendor  or  agency  EXPULSION  FROM  A  CERTIFICATION  PROGRAM  Notification  of  loss  of  certi¬ 
fication  to  the  employer  CIVIL  IMINAL  PROSECUTION  Cease-and-desist  order  for  the  sale  of  stolen  test  materials 


authorized  to  sell  a  particular  vendor’s  product, 
which  could  require  that  the  company  have  one 
or  more  certified  professionals  on  staff. 

“If  a  VAR  helps  his  employees  cheat  to  get  a 
certification  in  order  to  get  or  stay  authorized, 
the  company’s  customers  are  affected,  as  well 
as  the  vendor  that  the  VAR  represents,”  Ripley 
says.  “Say  someone  cheats  to  reach  the 
Microsoft  Gold  Certified  Partner  level.  If  the  VAR 
implements  a  poorly  designed  solution,  the 
customer  has  wasted  his  money  and  he  thinks 
Microsoft  has  bad  products.  Everyone  loses 
when  this  happens.” 

Rick  Gregory,  managing  director  of  the  train¬ 
ing  community  of  Traininglndustrycom,  has 
heard  of  instances  in  which  outsourcing  con¬ 
tracts  are  canceled  and  the  work  is  brought 


to  have  them  removed  from  Google. 
Unfortunately,  the  site  still  exists  and  they 
appear  to  be  selling  Citrix  certifications  from 
$700  to  $4,800.” 

Cisco  and  test  delivery  company  Rearson 
VUE  are  in  the  forefront  of  implementing  strin¬ 
gent  candidate  authentication  techniques  to 
discourage  proxy  test  taking.  Soon,  each  Cisco 
exam  candidate  will  be  required  to  have  a  dig¬ 
ital  photo  taken  at  the  test  center,  and  must  pro¬ 
vide  a  digital  signature  in  order  to  take  the 
exam.The  photo  and  signature  will  be  attached 
to  the  test  results. 

Over  time,  Cisco  and  Ftearson  VUE  will  be 
able  to  spot  individuals  whose  photos  appear 
under  different  names  and  signatures.  Other 
vendors  and  test  delivery  companies  are 


rized  providers  of  test  content,”  says  David 
Meissner,  vice  president  of  Solution  Services  at 
Prometric.  “But  having  this  legal  tool  doesn’t 
make  it  easy  to  go  after  the  offenders.  Often 
they  are  located  in  countries  that  don’t  recog¬ 
nize  U.S.  laws,  making  prosecution  difficult  to 
impossible.” 

It  takes  very  deep  pockets  to  pursue  the  pur¬ 
veyors  of  brain  dumps.  Civil  or  legal  action  can 
drag  out  for  years  with  little  success.  Many  cer¬ 
tifying  agencies  will  pursue  a  cease-and-desist 
order  rather  than  a  lawsuit  if  their  intellectual 
property  is  compromised. 

A  different  strategy  for  combating  certifica¬ 
tion  cheating  is  to  go  after  the  consumer  of  the 
illicit  materials.“Brain  dump  sites  are  like  drug 
dealers,”  says  Lee  Futch,  product  management 
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lead  for  Symantec  Education  Services.“As  long 
as  there  is  a  customer,  there  will  be  a  dealer. We 
need  to  cut  off  the  customer  base  to  kill  the 
illegal  dealers  of  stolen  [intellectual  property] 

One  of  the  missions  of  the  ITCC  is  to  spread 
the  word  to  candidates  that  the  certifying 
agencies  are  going  after  the  consumers  of  the 
stolen  test  materials  whether  the  consumption 
was  intentional  or  inadvertent. 

The  good  news  is  that  it’s  getting  easier  to 
spot  cheaters.  Using  data  forensics  techniques 
that  didn’t  exist  just  a  year  or  two  ago,  certifying 
agencies  now  collect  metrics  that  can  indicate 
the  possibility  that  someone  has  used  illegal 
tactics  to  pass  the  exam. 

The  metrics  reveal  statistics  such  as  how  long 
it  took  the  student  to  answer  each  test  item, 
which  answers  were  changed  during  the  test, 
and  how  much  time  the  student  needed  to 
complete  the  test.These  metrics  are  compared 
with  a  historical  baseline  value,  and  too  much 
variation  raises  a  red  flag.  Before  the  student 
even  walks  out  the  door  of  the  test  center,  the 
test  results  can  be  called  into  question,  trigger¬ 
ing  further  investigation. 

Even  “inadvertent  cheaters”  can  be  caught 
this  way  People  who  use  information  from  the 
brain  dump  sites  are  essentially  able  to  memo¬ 
rize  or  at  least  practice  actual  test  questions 
and  answers,  whether  they  do  it  knowingly  or 
not.This  advantage  can  be  readily  identified  in 
the  test  metrics,  and  the  candidate  can  be  sin¬ 
gled  out  for  further  investigation  and  possible 
consequences. 

“Citrix  uses  data  forensics  to  identify  specific 
instances  of  cheating,”  Scalisi  says.  “We  now 
conduct  a  monthly  review  to  identify  anom¬ 
alous  scores  and  results.  Once  confirmed  as 
cheating,  candidates  are  subject  to  remedies 
up  to  and  including  certification  revocation 
and  ban  from  testing  for  up  to  one  year 

ITCC  members  don’t  share  data  forensics 
about  specific  exams  or  individuals,  but  they  do 


share  information  about  testing  centers  if  cor¬ 
ruption  is  suspected.  “Forensics  let  us  look 
across  tests  and  centers  around  the  world,”  IBM’s 
Cooper  says.“When  a  test  center  appears  to  be 
compromised,  we  gather  statistically  valid  proof 
to  act  upon. This  data  is  based  on  tens  of  thou¬ 
sands  of  tests  that  are  administered  each  year” 

One  test  developer  who  prefers  to  remain 
anonymous  describes  a  recent  scenario  in 
which  dozens  of  candidates  took  the  same 
exam  at  a  proctored  testing  center  in  India. 
Every  candidate  scored  extremely  high  on  the 
test  —  definite  aberration  from  normal  cir¬ 
cumstances.  “This  was  an  indication  to  us  that 
the  test  center  had  a  security  problem,”  the 
developer  says.  By  sharing  such  information 
through  the  ITCC,  the  IT  vendors  can  decide 
whether  to  continue  using  that  testing  center. 

It  all  starts  with  the  test 

Test  developers  are  adding  new  measures  of 
security  into  their  exams.  Prometric’s  Meissner 
says  innovation  in  test  security  will  help  curtail 
cheating.  “There  are  new  ways  to  assemble  a 
test  to  incorporate  security?’  he  says.“For  exam¬ 
ples  fixed  form  test  that  has  100  items  would 
be  easy  to  memorize.  By  adding  item  cloning, 
in  which  there  are  three  or  four  variations  of 
the  test,  the  full  test  is  much  harder  to  memo¬ 
rize.  Making  the  test  modular  creates  even 
more  variations.  Even  better,  dynamic  forms 
use  a  computer  system  to  generate  a  unique 
test  for  each  candidate.”  All  of  these  techniques 
make  it  harder  for  people  to  memorize  and 
regurgitate  the  test  for  profit. 

Futch  says  Symantec  is  taking  a  bit  of  a  “fight 
fire  with  fire”  approach  to  exams.  “Symantec 
uses  multiple  versions  of  a  test  for  each  certifi¬ 
cation  exam,  and  we  use  stealth  questions 
embedded  in  the  tests  to  determine  if  people 
have  used  brain  dump  sites  to  prepare,” he  says. 

Several  vendors,  including  Microsoft,  HP 
Citrix  and  Cisco,  use  performance-based  test¬ 


ing,  a  method  that  includes  a  hands-on  portion 
of  the  test  that  is  difficult  to  fake. The  test  taker 
uses  a  simulator  or  a  virtual  environment  to 
perform  specific  actions  that  help  him  derive 
the  answers  to  test  questions.  In  addition  to 
being  a  better  way  to  judge  a  person’s  knowl¬ 
edge  of  the  subject  matter,  performance-based 
exams  reduce  the  possibility  of  cheating.  This 
type  of  exam  is  more  difficult  and  expensive  to 
develop,  but  new  innovations  in  virtualization 
and  animation  are  making  it  easier  to  develop 
and  administer  the  exams. 

Citrix  is  adding  a  “why”  element  to  its  exams. 
“We  have  a  quality  initiative  within  our  course¬ 
ware  development  team  that  is  focused  on 
including  the  ‘why’  in  our  course  content,” 
Scalisi  says. “This  will  help  ensure  that  our  stu¬ 
dents  not  only  learn  how  to  perform  required 
tasks  but  why  it’s  important  as  well.  Going  for¬ 
ward,  our  exams  will  likely  include  this,  making 
it  more  difficult  or  impossible  to  memorize 
answers.”  She  points  out  that  one  of  the  exams 
associated  with  the  Citrix  Certified  Integration 
Architect  (CCIA)  certification  track  tests  candi¬ 
dates’  ability  to  make  design-related  decisions 
and  then  advise  why  they  made  their  decision. 

Certification  still  a  good  measure  of  skills 

Horzempa  stresses  that  the  certification 
process  is  still  important  to  employers  looking 
to  hire  qualified  IT  professionals.  “The  vast 
majority  of  people  who  have  attained  certifica¬ 
tions  have  done  so  legitimately’  Horzempa 
says.“They  have  studied  hard  and  applied  their 
experience  and  knowledge  to  prove  they  are 
experts  in  their  field.  Employers  can  still  have 
confidence  in  using  certifications  as  one  mea¬ 
sure  in  evaluating  candidates  for  employment.” 

On  rare  occasions,  people  may  claim  to  have 
credentials  that  they  really  don’t  have. 
“Employers  can  always  contact  a  vendor 
directly  to  verify  that  a  person  holds  a  creden¬ 
tial,”  Gregory  of  Traininglndustrycom  says.  He 
compares  it  with  verifying  employment  history 
when  candidates  list  previous  employers  on  a 
resume  or  application.  Most  certifying  agencies 
will  verify  whether  a  person  has  attained  the 
credentials  he  lists  on  his  resume. 

As  Scalisi  points  out,  certification  that  is 
earned  legitimately  validates  that  candidates 
possess  the  qualifications  that  will  help  them 
perform  a  job  successfully  Thus  it  is  in  every¬ 
one’s  best  interest  to  maintain  the  integrity  and 
value  of  the  IT  certification  system. 

“There  will  be  people  who  cheat  no  matter 
what,”  Horzempa  adds.“To  them,  the  risk  of  get¬ 
ting  caught  is  worth  the  reward  of  making  easy 
money  But  there  are  many  more  honest  peo¬ 
ple  that  might  be  tempted  to  cheat  —  say  by 
buying  a  ‘study  aid’  that  is  really  a  copy  of  the 
exam  —  that  must  now  ask  themselves  if  the 
penalty  is  worth  the  risk.  Is  it  really  worth  ruin¬ 
ing  your  career  and  destroying  your  personal 
integrity  if  you  get  caught  cheating  or  selling 
the  exams?  To  these  people,  I  simply  say ‘Study 
for  the  test,  and  take  it  legitimately” 

Musthaler  is  a  principal  analyst  at  Essential 
Solutions  Corp.  and  a  Network  World  columnist. 
She  can  be  reached  at  lmustaler@essen 
tial-iws.com. 


member  of  the  Exam  Security  Team  from  a  major  IT  solutions  vendor 
y  recently  received  an  e-mail  from  an  IT  professional  who  owned  up  to 
y, the  fact  that  he  had  inadvertently  cheated  to  prepare  for  his  certifi- 
cation  exam. 

“As  part  of  my  preparation  I  downloaded  a  couple  of  ‘brain  dump' 
exams  off  the  Internet,"  says  the  student  in  his  note.  “My  intentions 
were  not  to  memorize  these  tests  and  cheat  my  way  through  the 
,t  exam;  although  I  must  admit  there  were  moments  that  I  thought 
knowing  a  couple  of  questions  would  help.  I  had  a  hard  time  believ- 
JHV  Bi  ing  that  the  brain  dumps  could  be  the  actual  test  questions. That's 
just  not  legitimate. 

“Upon  taking  the  actual  exam,  I  noticed  questions  that  I  distinctly  remembered 
frotn  the  brain  dumps,”  the  student  continues  in  the  note.  "I  definitely  got  a  number 
\  of  questions  right  because  of  the  brain  dumps,  and  the  dumps  may  have  indirectly 
benefited  me  on  other  questions." 

r  The  note  concludes  with  an  air  of  penitence:  “I  wanted  to  let  you  know  what  hap¬ 
pened  and  any  action  on  your  part  is  the  consequence  of  my  actions.  Cheating  in  this 
fashion  is  not  how  I  want  to  live  my  life  and  I  am  truly  sorry.” 

A  manager  from  the  vendor’s  certification  program  office  says  this  is  the  first 
r  time  she  has  received  such  a  note.  As  troubling  as  the  message  is,  the  manager 
views  it  as  a  good  thing;  it  means  that  word  is  getting  out  that  certification  brain 
dumps  are  actually  a  form  of  cheating. 
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CLEAR  CHOICE  TEST  VIRTUALIZATION 


VMware  edges  Microsoft  in 
virtualization  performance  test 

Hyper-V’s  bright  spot  is  a  set  of  drivers  that  help  it  support  Linux  VMs 


BY  TOM  HENDERSON  AND  BRENDAN 
ALLEN,  NETWORK  WORLD  LAB  ALLIANCE 

ith  the  recent  release  of  Microsoft’s 
Hyper-V  shaking  up  the  hypervisor 
market,  we  decided  to  conduct  a 
two-part  evaluation  pitting  virtualiza¬ 
tion  vendors  against  each  other  on  perfor¬ 
mance  and  on  such  features  as  usability  man¬ 
agement  and  migration. 

Microsoft  and  VMware  accepted  our  invita¬ 
tion,  but  the  open  source  virtualization  ven¬ 
dors  —  Citrix  Systems  (Xen)  and  Red  Hat 
(Linux-based  hypervisor)  —  were  unable  to 
participate  because  they  are  doing  product 
revisions.  That  left  us  with  a  head-to-head 
matchup  between  Microsoft’s  Hyper-V  and 
VMware’s  market-leading  ESX. 

The  findings  here  focus  on  hypervisor 
performance.  A  second  installment  to  be  pub¬ 
lished  later  this  month  will  take  into  account 
usability  management  and  migration  features. 

The  question  of  which  hypervisor  is  faster 
depends  on  a  number  of  factors.  One  is  how 
VM  guest  operating  systems  are  allocated  to 
the  available  host  CPUs  and  memory.  Another 
is  the  numerous  product-specific  limitations 
that  can  restrict  performance. 

That  said,  VMware  ESX  was  the  overall  win¬ 
ner  in  this  virtualization  performance  contest 
—  where  we  were  limited  to  running  six  con¬ 
current  VMs  because  of  the  combination  of 
our  server’s  processor  cores  and  memory 
capacity  and  the  limitations  of  the  hypervisors 
we  tested.  ESX  pulled  down  top  honors  in 
most  of  our  basic  tests  of  load  testing,  multi- 
CPU  VM  hosting,  and  disk  I/O  performance. 

Microsoft’s  Hyper-V  however,  did  well  when 
we  used  a  special  set  of  drivers  released  by 
Microsoft  to  boost  the  performance  of  the 
only  Linux  platform  Hyper-V  officially  sup¬ 
ports:  Novell’s  SUSE  Linux  Enterprise  Server 
(SLES)  10. 

Virtual-machine  hypervisors  represent  serv¬ 
er  hardware  resources  iteratively  to  multiple 
guest  operating  systems.  The  physical  CPUs 
(also  called,  at  their  discrete  level,  cores)  are 
represented  to  guest  operating  systems  as  vir¬ 
tual  CPUs  (vCPUs). There  isn’t  necessarily  a 
one-core  to  one-vCPU  relationship,  however. 
The  exact  ratio  depends  on  the  underlying 
hypervisor.  In  our  testing,  we  let  the  hypervi¬ 
sor  decide  how  to  represent  CPU  resources 
as  vCPUs. 

The  operating  systems  “see”  the  server  re¬ 
sources  within  the  limitations  imposed  by  the 


hypervisor.  For  example,  a  four-CPU-core  sys¬ 
tem  might  be  represented  as  a  single  CPU  to 
the  operating  system,  which  then  has  to  live 
on  just  that  CPU. In  other  cases,  four  CPUs  may 
be  virtualized  as  eight  vCPUs,  in  a  scenario  in 
which  quieter  VMs  aren’t  likely  to  use  peak 
CPU  resources  frequently  Other  constraints 
can  be  imposed  on  the  VMs  as  well,  such  as 
those  pertaining  to  disk  size,  network  I/O,  and 
even  which  guest  gets  to  use  the  single 
CD/DVD  inside  the  server. 

One  frustrating  performance  limitation  im¬ 
posed  by  both  Hyper-V  and  ESX  is  that  the 
number  of  vCPUs  that  can  used  by  any  single 
VM  is  four,  no  matter  which  type  or  version  of 
that  guest  operating-system  instance  is,  or  how 
many  physical  cores  might  be  available. 
Furthermore,  if  you  choose  to  run  32-bit  ver¬ 
sions  of  SLES  10  as  a  guest  operating  system, 
you  will  find  that  Microsoft  lets  those  guests 
have  only  a  single  vCPU. 


The  limitations  hypervisor  vendors  impose 
on  the  number  of  available  vCPUs  come  from 
two  areas.  First,  keeping  track  of  VM  guests 
with  very  large  CPU  needs  involves  enormous 
memory  management  and  a  large  amount  of 
exceedingly  difficult  inter-CPU  communica¬ 
tions  (including  processor  cache,  instruction 
pipelines  and  I/O  state  controls).  Second,  the 
demand  for  VM  guest  hosting  has  been  per¬ 
ceived  to  be  a  server  consolidation  action  — 
and  servers  in  need  of  consolidating  often  are 
single-CPU  machines. 

These  limitations  in  hypervisor  hardware- 
resource  allocations  set  the  stage  for  how  we 
could  take  advantage  of  the  16-CPU  HP 
DL580G5  server  in  our  test  bed  (see  “How  we 
did  it,”www.nwdocfinder/6424). 

As  previously  noted,  Microsoft  officially  sup¬ 
ports  its  own  operating  systems  and  Novell’s 
SLES  10  (editions  running  Service  Packs  1  and 
See  Virtualization,  page  44 


Tracking  performance  degradation  as  VMs  are  added 

Adding  virtual  guests  in  either  hypervisor  environment  when  eachVM  had 
access  to  a  single  vCPU  began  impeding  the  guests'  performance.  ESX  was 
the  better  performer  when  hosting  only  one,  then  three,  VMs,  but  Hyper-V  had 
slightly  better  numbers  when  hosting  six  VMs.  All  measurements  were  taken 
using  the  SPECjbb2005  tool,  which  expressed  all  results  in  average  basic 
operations  per  second  (bops)  perVM. 


Windows  Server 
2008  on  aii  VMs 

Novell  SLES  10.2 
on  all  VMs 

Operating  system  running  natively  on  one 
CPU. 

18,153 

22,240 

One  operating  system  instance  running  on 
Microsoft  Hyper-V  with  access  to  one  vCPU. 

17,403 

(95.87%  of  native) 

19,619* 

(88.21%  of  native) 

One  operating  system  instance  running  on 
VMware  ESX  with  access  to  one  vCPU. 

17,963 

(98.95%  of  native) 

20,711 

(93.13%  of  native) 

Three  VMs  running  on  Microsoft  Hyper-V 
with  one  vCPU  allocated  per  VM. 

16,363 

(90.14%  of  native) 

18,461* 

(83.01%  of  native) 

Three  VMs  running  on  VMware  ESX  with 
one  vCPU  allocated  perVM. 

17,735 

(97.70%  of  native) 

20,229 

(90.96%  of  native) 

Six  VMs  running  on  Microsoft  Hyper-V  with 
one  vCPU  allocated  per  VM. 

14,531 

(80.05%  of  native) 

15,168* 

(68.20%  of  native) 

Six  VMs  running  on  VMware  ESX  with  one 
vCPU  allocated  perVM. 

13,964 

(76.92%  of  native) 

14,009 

(62.99%  of  native) 

"Results  achieved  with  Microsoft  Hyper-V  Linux  Interface  Connector  kit  applied. 
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CLEAR  CHOICE  TEST  VIRTUALIZATION 


Virtualization 

continued  from  page  42 

2)  as  guest  instances.That’s  the  reason  we  test¬ 
ed  with  only  Windows  Server  2008  and  SLES 
10.2  VMs.  Other  operating  systems  (Red  Hat 
Linux,  Debian  Linux  and  NetBSD)  may  work, 
but  organizations  seeking  debugging  or  tech 
support  are  on  their  own  if  they  use  them. 

While  we  were  testing,  Microsoft  introduced 
its  Hyper-V  Linux  Interface  Connector  (Linux- 
IC)  kit,  which  is  a  set  of  drivers  that  help  opti¬ 
mize  CPU,  memory,  disk  and  network  I/O  for 
SLES  guest  instances.  We  saw  a  boost  in 
performance  with  the  kit  in  place,  but  only  in 
the  case  of  one  vCPU  per  guest.  Hyper-V 
LinuxIC  isn’t  supported  for  symmetric  multi¬ 
processing  (SMP)  environments. 

The  cost  of  virtualization 

No  one  is  claiming  the  buzz  about  server  vir¬ 
tualization  is  unsubstantiated.  It  lets  you  pack 
multiple  operating-system  instances  onto  the 
same  hardware  that  previously  hosted  only 
one  instance.  And  it  helps  in  deploying  a  stan¬ 
dard  operating-system  profile  across  the  data 
center,  if  that  is  your  goal. 

But  nothing  is  free.  Hypervisors  become  the 
basic  operating  system  of  the  servers  that  they 
virtualize,  and  that  taxes  performance.  Our  first 
test  measured  the  cost  of  virtualization  by 
comparing  an  operating  system’s  transactional 
performance  when  it  ran  on  bare  metal  with  its 
performance  when  a  hypervisor  served  as  a 


buffer  between  the  operating  system  and  the 
system.  The  difference  in  performance 
amounts  to  a  theoretical  “tax”  imposed  by  the 
hypervisor’s  innate  management  role. 

The  performance  hit  when  we  moved  from  a 
native  operating-system  instance  to  a  virtual¬ 
ized  one  with  a  single  vCPU  allotted,  ranged 
from  just  over  1%  when  ESX  was  running 
Windows  Server  2008,  to  more  than  12%  when 
Hyper-V  was  running  SLES.  (See  top  of  graphic, 
page  42.)  The  foundational  performance  “cost” 
of  each  hypervisor  varied,  but  VMware  won  this 
theoretical  round.  It’s  theoretical  because  there 
are  few  cases  for  running  a  VM  platform  with 
only  a  single  guest  limited  to  a  single  CPU. 

When  there  was  an  increase  in  the  number  of 
CPUs  made  available  to  a  single  VM  guest,  the 
cost  of  virtualization  varied  more  widely  (See 
top  of  graphic,  this  page.)  When  we  allowed  a 
single  operating  instance  SMP  access  to  four 
vCPUs,  the  lowest  cost  —  less  than  4%  —  was 
registered  when  VMWare  ESX  was  supporting  a 
SLES  instance.  Conversely  the  highest  opera¬ 
tional  cost  was  a  more  than  15%  hit  taken  when 
Hyper-V  was  supporting  a  SLES  instance. 

Overall,  Hyper-V  also  lost  this  round,  but  by 
very  little  when  supportingWindowsVMs.lt  fell 
down  more  on  SLES,  likely  because  LinuxIC 
wasn’t  available  to  boost  performance  results. 

Testing  VMs  with  business-application 
loads 

The  second  round  of  performance  tests 
compared  iterative  VM  application  perform¬ 


ance  as  VMs  were  added  to  the  HP  Server  sys¬ 
tem.  We  tracked  performance  for  one,  three 
and  six  VMs  when  supporting  approved 
guests.  We  measured  performance  when  each 
VM  was  allocated  its  own  vCPUs  and  when 
each  was  allowed  to  tap  into  four  vCPUs.This 
load  test  theoretically  would  amplify  perform¬ 
ance  differences. 

Our  test  tool  was  SPECjbb2005  —  a  widely 
used  benchmark  that  mimics  distributed 
transactions  in  a  distribution  warehouse-like 
environment. The  SPECjbb2005  test  used  Java 
application  components  running  inside  a  sin¬ 
gle  host  orVM  instance.  The  first  component 
simulated  a  client  generating  threads  to  be 
processed  by  the  second  component,  a  busi¬ 
ness-logic  engine  that  in  turn  stored  and 
fetched  objects  in  transactions  to  and  from  a 
set  of  Java  Collection  objects  (emulating  a 
database  engine),  logging  them  through  a  set 
of  iterative  transaction  cycles.  SPECjbb2005 
spawns  test  parameters  it  chooses  based  on 
the  number  of  CPUs  found,  as  well  as  the 
available  memory  in  the  host.  The  measured 
output  is  in  basic  operations  per  second,  or 
bops  per  period  of  time,  with  the  more  bops 
per  test  run,  the  better. 

We  completed  multiple  runs  with  each 
hypervisor,  a  set  where  each  VM  was  allocated 
its  own  vCPU  and  a  set  where  each  VM  was 
permitted  to  tap  into  four  vCPUs. 

In  both  cases,  we  ran  tests  with  one,  three 
and  six  VMs.  We  ran  sequences  first  with 
Windows  Server  2008  as  the  hosted  operating 
system,  then  with  SLES  10.2  as  the  hosted 
operating  system. 

The  first  round  used  a  ratio  of  one  VM  guest 
operating  system  per  vCPU  and  limited  mem¬ 
ory  access  (2GB)  for  each  operating-system 
instance.  This  resource  allocation  is  typical  of 
what  would  happen  during  a  server  consoli¬ 
dation,  in  which  older  single-CPU  machines 
are  consolidated  into  a  physical-to-virtual  re¬ 
hosting  scenario. 

VMware  started  out  ahead  in  this  race  with 
Windows  Server  2008  and  SLES  10.2  virtual 
performance  nearly  as  fast  as  native  perform¬ 
ance,  and  held  close  to  that  pace  with  three 
guest  operating  systems.  Hyper-V  with  three 
VMs  in  place  was  about  1,400  bops  (see 
graphic,  page  42)  off  VMware’s  pace  with 
Windows  Server  2008  guests,  and  1,800  bops 
down  from  the  ESX  mark  with  SLES  VMs. 

At  six  VM  guests,  both  hypervisors  began  to 
struggle  to  deliver  performance  comparable  to 
what  a  native  operating  system  running  direct¬ 
ly  on  the  server  can  pull  off.  Microsoft  kept  its 
performance  drop  a  bit  more  in  check, 
because  it  appears  to  have  mastered  a  more 
linear  distribution  of  hypervisor  resources 
when  virtual  machines  get  piled  on. 

In  reality,  consolidated  instances  aren’t  nec¬ 
essarily  as  burdened  at  the  pace  we  placed  on 
the  instance  by  running  concurrent  SPECjbb- 
2005  tests.  Many  operating-system  and  applica¬ 
tion  instances  typically  have  far  less  constant 
CPU  utilization  than  SPECjbb2005  places  on 


Tracking  performance  degradation  as  VMs  are  added 
in  a  symmetric-multiprocessing  state 

EachVM  guest  now  can  use  four  vCPUs — the  maximum  SMP  vCPUs  supported 
by  each  hypervisor.  Performance  is  strong,  but  as  additional  guests  are  added, 
Hyper-V  finds  unused  CPUs  and  taps  into  them. When  over-subscribed,  however, 
Hyper-V  sags  while  ESX  tries  to  maintain  availability  —  but  both  are  still 
buckling  under  the  performance  pressure. 


Windows  Server 
2008  on  ail  VMs 

Novell  SLES  10.2 
on  all  VMs 

Operating  system  running  natively  across 
four  CPUs. 

32,525 

33,996 

One  operating  system  instance  running  on 
Microsoft  Hyper-V  with  access  to  four  vCPUs. 

31,037 

(95.43%  of  native) 

28,776 

(84.65%  of  native) 

One  operating  system  instance  running  on 
VMware  ESX  with  access  to  four  vCPUs. 

31,155 

(95.79%  of  native) 

32,680 

(96.13%  of  native) 

Three  VMs  running  on  Microsoft  Hyper-V 
with  four  vCPUs  allocated  to  each  VM. 

33,674 

(103.53%  of  native) 

30,976 

(91.12%  of  native) 

Three  VMs  running  on  VMware  ESX  with 
four  vCPUs  allocated  to  each  VM. 

27,143 

(83.45%  of  native) 

27,778 

(81.71%  of  native) 

Six  VMs  running  on  Microsoft  Hyper-V  with 
four  vCPUs  allocated  to  each  VM. 

14,588 

(44.85%  of  native) 

11,122 

(32.72%  of  native) 

Six  VMs  running  on  VMware  ESX  with  four  16,136 
vCPUs  allocated  to  each  VM.  (49.61%  of  native) 

17,089 

(50.27%  of  native) 

All  results  in  average  bops  perVM. 
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Disk  I/O  results  with  VMs  accessing  a  single  vCPU 

lOMeter  disk-l/O  testing  favored  VMware  overall  when  it  came  to  speed 
of  Microsoft  Windows  Server  2008,  but  Hyper-V  boosted  SLES  Linux  in 
single-CPU  VMs.  All  results  are  expressed  in  millions  of  I/Os  per  second. 


Windows 
Server  2008 

Novell 

SLES  10.2 

Native  operating  system  running  on  a  single 
CPU. 

712.97 

226.96 

I/O  operations  per  second  with  six  VMs, 
each  using  one  vCPU,  average  of  each  VM 
in  concurrent  IOmeter  tests. 

Hyper-V 

145.71 

109.51* 

VMware 

288.94 

79.64 

Total  I/O  operations  per  second,  all  six  VMs 
each  using  one  vCPU,  test  running 
concurrently  on  allVMs. 

Hyper-V 

874.29 

657.07* 

VMware 

1,733.63 

477.85 

•Results  achieved  with  Microsoft  Hyper-V  Linux  Interface  Connector  kit  applied. 


them,  and  the  utilization  is  often  more  random 
in  nature.  We  stressed  the  VMs  and  the  hypervi¬ 
sors  supporting  them  to  amplify  how  each 
hypervisor  reacted  under  enormous  loads. 

In  the  second  round  of  iterative  tests,  we 
allowed  each  VM  access  to  four  vCPUs,  the 
maximum  allowed  by  either  hypervisor  under 
test.  Each  machine  was  still  limited  by  2GB  of 
memory  because  it’s  a  common  ceiling  when 
operating  systems  are  consolidated  and  tested. 
This  test  scenario  more  readily  demonstrated 
how  VMs  would  be  used  in  virtualized  data¬ 
base  applications,  rendering  farms,  high-vol¬ 
ume  transaction  systems  and  other  applica¬ 
tions  needing  strong  CPU  availability  and  SMP 
kernels. 

As  before,  we  started  with  a  single  VM  guest 
to  establish  a  baseline,  then  added  two  more 
VMs  for  a  total  of  three  instances,  then  three 
more  for  a  total  of  six  VMs.  In  the  first  test  (see 
graphic,  page  44),  as  we  noted  in  our  cost-of- 
virtualization  test,  VMware  pulled  slightly 
ahead  when  it  hosted  Windows  Server  2008 
clients  and  had  almost  an  1100  bops  advan¬ 
tage  when  it  hosted  SLES  10.2  VMs.  Because 
Microsoft’s  LinuxIC  kit  isn’t  supported  for  SMP 
environments,  Hyper-V’s  performance  with 
SLES  was  dampened  without  the  boost  it  pro¬ 
vided  in  the  tests  where  we  could  allocate  a 
single  vCPU  to  each  VM. 

In  the  test  where  three  VMs  each  used  four 
vCPUs,  12  vCPUs  were  in  play.  Because  there 
were  16  physical  CPU  cores  on  the  server  in 
our  test  bed  that  could  be  virtualized  by  the 
hypervisors  under  test,  there  were  four  CPUs 
sitting  idle.  Hyper-V  pulled  ahead  of  VMware 
ESX  in  this  instance  with  an  average  6500 
more  bops.  Our  test  results  suggest  that  Hyper- 
V  could  see  those  extra  available  hardware 
resources  and  tapped  into  them,  and  ESX 
could  not. 

This  advantage  was  lost,  however,  when  we 


oversubscribed  CPU  availability  in  the  final 
round  of  testing.  Oversubscription  is  a 
method  that  allocates  more  physical  CPU 
than  is  available,  allowing  VMs  to  “share”  their 
allocated  vCPUs  with  other  VM  guests.  It’s  a 
useful  process  when  VMs  are  running  appli¬ 
cations  that  use  CPU  power  randomly, 
because  it  lets  you  stuff  more  VMs  while 
(depending  on  guest  activities)  offering 
performance  at  or  above  what  the  guests  did 
before  they  were  virtualized. 

Six  VM  guests  each  using  four  vCPUs  over¬ 
subscribed  the  16  physical  CPU  cores  in  our 
test  rig.  Both  hypervisors  started  to  buckle 
under  an  extreme  load,  because  CPU  power 
was  at  a  premium  in  this  stressful  test.  But 
VMWare  seemed  to  deal  with  oversubscrip¬ 
tion  better  than  Hyper-V  because  it  still 
could  pull  down  an  average  of  16,136  bops 
with  Windows  Server  2008  guests  (com¬ 


pared  with  Hyper-V’s  14,588  bops)  and 
17,089  bops  with  SLES  guests  (compared 
with  Hyper-V’s  11,122  bops).  Microsoft  also 
is  at  a  slight  disadvantage  in  oversubscrip¬ 
tion  because  a  native  instance  of  Windows 
Server  2008  needs  to  be  active  to  run  the 
Hyper-V  hypervisor  system  —  using  up  its 
own  space  and  CPU. 

The  disk  1/0  seen  in  a  VM  light 

We  also  tracked  disk  throughput  of  hosted 
VMs  with  Intel’s  IOMeter  (pre-compiled 
Windows  and  Linux  versions).  IOMeter 
exercises  disk  subsystems  by  spawning 
worker  threads  that  read  and  write  to  the 
subsystem  in  a  tester-defined  routine. 
Measurements  are  summarized  in  terms  of 
I/Os  per  second  as  recorded  by  IOmeter  at 
the  end  of  a  test  run.  The  results  are 
expressed  in  terms  of  I/Os  per  second.  A 
higher  number  of  I/Os  is  better. 

In  a  virtualized  world, VM  guest  instances 
must  contend  with  either  internal  disk  or 
storage-area-network  resources.  When  the 
hardware  is  re-represented  to  guest  operat¬ 
ing  systems  through  virtualization,  the 
hypervisor  layer  between  the  hardware  and 
guest  VMs  uses  its  own  disk  driver  to  man¬ 
age  disk  activity. 

Adding  virtualized  guests  divides  the 
hardware  resources  among  the  guest  VM 
operating-system  and  applications 
instances.  Even  though  native  operating-sys¬ 
tem  drivers  might  be  good,  a  hypervisor’s 
ability  to  manage  communication  needs 
among  a  number  of  guests  becomes  a  very 
sophisticated  business;  and  latency  and  effi¬ 
ciency  issues  will  be  seen  as  application- 
performance  slowdowns. 

We  ran  IOmeter  in  each  VM  instance  to 
gauge  how  the  hypervisor  could  “breathe” 
data  to  disk.  We  used  a  tougher-than-real- 
world  ratio  of  70%  writes  vs.  30%  reads.  We 
favored  writes  in  our  configuration  because 
they  aren’t  heavily  cached  by  the  operating 


Disk  1/0  results  with  VMs  accessing  four  vCPUs 

Continuing  its  prowess  as  the  I/O  leader  when  hosting  WindowsVMs,  VMware 
laps  Hyper-V  in  this  test  with  Windows  Server  2008  guests  riding  on  its  back 
in  a  symmetric-multiprocessing  environment.  It  also  held  its  own  when  hosting 
SLES  VMs,  topping  Hyper-V  slightly. 


Hosting 

Windows 

Server 2008  VMs 

Hosting 
Novel!  SLES 
10.2  VMs 

Native  operating  system  running  on  four- 
CPU  core. 

1,040.38 

322.93 

I/O  operations  per  second  with  six  VMs, 
each  using  four  vCPUs.  Results  reflect  the 

Hyper-V 

166.27 

69.95 

average  performance  of  each  VM  in 
concurrent  IOmeter  tests. 

VMware 

313.72 

77.56 

I/O  operations  per  second  with  six  VMs, 
each  using  four  vCPUs.  Results  reflect  the 

Hyper-V 

997.64 

419.67 

total  performance  of  each  VM  in  concurrent 
IOmeter  tests. 

- ........  - - - - - - — - - - — . 

VMware 

..  . 

1882.34 

All  results  in  millions  of  I/Os  per  second. 
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system  (so  their  contents  don’t  evaporate  during  power  outages  or 
hardware  resets),  and  reads-based  cache  can  distort  measurements. 

We  established  the  I/O  performance  of  a  native  operating  system 
(in  both  single  and  SMP  servers)  to  establish  a  baseline  of  the  oper¬ 
ating  system’s  disk-I/O  speed  as  measured  by  lOMeter.We  then  ran 
the  same  tests  on  each  of  our  hypervisor-ed  environments  with  six 
VM  guests.  We  wanted  to  know  if  the  hypervisor  could  make  more 
disk  channels  available  to  VM  guests  than  they  could  on  their  own 
as  native  instances. 

The  good  news  is  that  our  tests  showed  both  hypervisors  could 
pump  up  the  disk  channel  at  rates  greater  than  a  single  native 
instance  could  when  we  added  more  guest  VM  instances.  This 
means  that  hypervisors  controlling  the  disk  channel  (an  HP  Smart 
Array  in  our  case)  can  do  a  good  job  of  cramming  that  channel 
when  the  number  of  VM  guests  increases. 

In  the  hosted  SLES  results,  where  each  VM  accessed  a  single  vCPU, 
we  again  saw  that  Hyper-VVM  guest  operating-system  instances  get  a 
formidable  boost  from  the  LinuxIC  kit;  SLES  Linux  VMs  ran  faster  on 
Hyper-V  than  on  VMware  ESX.  When  we  tested  to  see  if  SLES  without 
the  LinuxIC  kit  would  be  slower  than  VMware  ESX,  we  found  it  per¬ 
formed  within  a  single  percentage  point  of  ESX.  When  we  ran  this  test 
on  Hyper-V  without  the  LinuxIC  kit,  the  average  I/O  for  an  SLES  VM 
was  83.78  million  I/Os  per  second,  about  5%  faster  thanVMWare’s  disk 
throughput  with  SLES. 

However,  Hyper-V  doesn’t  fare  as  well  in  delivering  disk  I/O  to  its  own 
Windows  Server  2008.  VMware  lapped  Microsoft  with  six  Windows 

■  Independent,  unbiased  product  testing. 

Go  online  for  Network  World's  ethical  testing  policy 

www.networkworld.com/reviews 


Server  2008  VMs  loaded  up. 

When  we  measured,  disk  I/O  activity  in  an  SMP  environment  — 
where  our  six  VMs  were  each  allocated  4  vCPUs  —  we  intentionally 
oversubscribed  the  server  to  see  if  the  hypervisors  could  sustain 
their  disk-channel  activity  when  given  a  volume  of  disk  demand 
from  each  guest.  A  hypervisor  is  an  operating  system  of  its  own,  so  it 
must  carefully  reallocate  disk-writing  time  and  switch  contexts 
among  guests  cleanly  and  efficiently. 

In  these  tests,  both  hypervisors  achieved  more  I/O  performance  than  a 
native  operating  system  running  on  bare  metal.VMware  ESX  is  the  clear 
winner,  however.  When  hosting  Windows  Server  2008  VMs,  it  registered 
1733.63  million  I/Os  per  second  compared  with  Hyper-V’s  874.29  million 
I/Os  per  second  and  the  native  operating  system’s  performance  of  712.97 
million  I/Os  persecond.lt  also  beat  out  Hyper-V  in  the  hosted  SLES  envi¬ 
ronment  by  a  narrow  margin  of  about  45  million  I/O  per  second.  Hyper- 
V  no  longer  has  the  advantage  of  the  LinuxIC  kit,  which  doesn’t  support 
SMP  hardware. 

Overall 

VMware’s  initial  lead  in  the  marketplace  has  given  it  a  performance 
lead  in  most  of  the  areas  we  tested,  although  Microsoft’s  prowess  is 
beginning  to  show  in  a  core  area  —  consolidation  of  single-CPU- 
focused  VM  performance.  Both  vendors  are  likely  to  improve  their  per¬ 
formance  numbers  rapidly,  because  it’s  a  source  of  strong  competition 
between  them.  Biting  at  their  heels  are  offerings  from  Citrix  Systems, Sun 
and  Red  Hat,  as  well  as  from  open  source  developments  that  are  reach¬ 
ing  commercial  potential. VM  performance  is  certainly  an  area  to  keep 
an  eye  on. 

Henderson  is  principal  and  Allen  is  a  researcher  at  ExtremeLabs  in 
Indianapolis.  They  can  be  reached  at  thenderson@extremelabs.com. 
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User’s  view  of  Microsoft  Hyper-V 

RackForce  rolls  out  virtualization  to  speed  on-the-spot  scalability 


Going  virtual 

RackForce  Networks  is  using  Microsoft’s  Hyper-V  to  create  a  virtualized 
environment  that  users  can  adjust  on  the  fly  given  their  computing  needs  at 
any  given  moment. 
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RackForce  hosts  dedicated  and  virtual  private  servers  for  e-businesses,  application 
providers  and  hosting  resellers. 

Those  users  access  the  RackForce  service  via  the  Internet 


RackForce’s  Dynamic  Dedicated  Servers-Virtual  environment  separate  applications 
(processing  cloud),  memory  and  data  (SAN  cloud)  into  virtual  environments.  That  lets 
users  throttle  their  computing  needs  instantaneously  because  servers  don’t  need  to 
be  reconfigured  and  data  doesn't  need  to  be  copied. 


BY  JOHN  FONTANA 

Hosting  provider  RackForce  Networks  ex¬ 
pects  that  Microsoft’s  just  released  Hyper-V  vir¬ 
tualization  technology  will  give  it  a  chance  to 
take  a  major  step  in  its  business  strategy 

The  company,  which  hosts  dedicated  and 
virtual  private  servers  for  e-businesses,  appli¬ 
cation  providers  and  hosting  resellers,  has 
been  working  toward  providing  resource  up¬ 
grades  on  the  fly.  Today  the  company  accom¬ 
plishes  that  to  a  varying  degree,  but  Hyper-V 
takes  it  to  another  level. 

RackForce  provides  services  up  to  the 
operating-system  level,  while  customers  load 
and  manage  their  applications.  Its  Dynamic 
Dedicated  Servers  give  users  a  virtual  space 
on  a  physical  host,  but  now  it  wants  to  pro¬ 
vide  DDS-Y  or  virtualized  DDS,  where  the 
data  storage  is  pushed  off  to  a  storage-area 
network  (SAN),  allowing  instantaneous  scal¬ 
ing  of  applications. 

Given  Hyper-V’s  support  for  SANs,  RackForce 
can  scale  its  platform  to  add  more  processing 
power  without  having  to  worry  about  moving 
or  copying  data. 

“The  model  we  are  roiling  out  relies  on 
SANs,”  says  Tim  Dufour,  CEO  of  RackForce. 
“[SAN  support]  does  an  incredible  thing.  It 
allows  us  to  move  capacity  in  seconds,  so 
scalability  is  instantaneous.” 

In  addition,  Microsoft’s  new  Virtual  Machine 
Manager  tool  eventually  will  let  RackForce 
find  and  allocate  resources  located  anywhere 
in  its  forthcoming  GigCenter  data  center,  not 
just  within  a  single  DDS  platform.  RackForce 
currently  has  three  British  Columbia-based 
data  centers  that  tap  into  hydropower. 

Today  RackForce  has  2,500  server  cus¬ 
tomers,  60%  of  which  run  on  virtualized  envi¬ 
ronments  within  DDS  platforms.The  other  40% 
are  on  traditional  dedicated  servers.  Of  the 
60%  using  virtualization,  just  less  than  half  are 
running  Windows. 

Dufour  says  the  other  major  enhancements 
important  in  Hyper-V  are  the  removal  of  limi¬ 
tations  on  processor  support  and  elimination 
of  the  4GB  restriction  imposed  on  RAM  by 
Hyper-V’s  predecessor  Virtual  Server.  Re¬ 
moving  those  limitations  means  customers 
won’t  “bump  their  heads”  as  they  try  to  ex¬ 
pand,  he  says.  RackForce  runs  Hyper-V  on  IBM 
x3950  servers  with  four  quad-core  processors, 
and  stacks  four  machines  to  create  a  platform 
with  16  processors  and  64  cores. 

While  Hyper-V  will  help  push  RackForce  for¬ 
ward,  Microsoft’s  virtualization  platform  still  is 
missing  some  needed  elements,  such  as  a 
complete  set  of  provisioning  tools,  Dufour 
says.  RackForce  will  offer  its  instantaneous 
scalability  via  a  portal  so  users  can  service 
their  own  needs,  but  the  company  will  have  to 


tie  that  into  its  billing,  ticketing  and  inventory 
systems.  Currently  RackForce  has  to  do  that 
integration  itself. 

The  big  ticket,  however,  is  live  migration,  a 
feature  Microsoft  cut  from  the  first  version  of 
Hyper-V“That  is  important,  and  we  are  looking 
forward  to  it,”  Dufour  says.  “If  we  wanted  to 
move  from  the  x3950  platform  and  scale  up 
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beyond  the  current  processor  power,  we  could 
do  that  migration  without  any  downtime.” 

Dufour  knows  the  luxury  of  such  a  move  be¬ 
cause  RackForce  can  do  live  migrations  with 
its  Linux-based  virtualization  platforms.  “But 
our  Hyper-V  technicians  are  telling  us  it  has 
come  a  long  way  and  they  are  impressed.  And 
these  guys  are  typically  Linux  techies.”  ■ 
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Vista:  IT  loves  it,  hates  it 


Mark  Gibbs 


Last  week  I  suggested  that  the  IT  world, par¬ 
ticularly  when  it  comes  to  marketing,  is 
crazy  and  I  cited  as  evidence  Microsoft’s 
recently  announced  $10  million  plan  to  use 
comedian  Jerry  Seinfeld  to  hawk  Vista. 
BACKSPIN  In  the  process  of  explaining  this  craziness  1 
took  a  swipe  at  Vista:“To  recycle  an  old  joke, 
trying  to  repair  the  markets  perception  of  Vista 
by  being  funny  is  like  rearranging  the  deck 
chairs  on  the  Titanic  ...  as  it  sinks.”  I  then  suggested  that,  should  you 
be  happy  with  Vista  you  must  have  swallowed  Redmond’s  blue  pill 
and  to  not  bother  writing  in.  Ha! 

Reader  Glenn  Morley  was  first  in  with:“Feople  knocking  Vista  don’t 
know  what  they  are  talking  about  (sorry  dude,  but  you  asked  for  it. . .). 
Vista  is  the  best  OS  from  Microsoft  to  date.  I’ve  got  the  experience  and 
the  user  base  to  prove  it,  and  I  can  back  that  statement  up  with  hard 
data.  I  manage  a  nationwide  network  of  over  1,600  seats  from 
California  to  North  Carolina. We  run  it  all,  from  OS  X  [and]  Linux  to 
every  MS  OS  from  2000  on  up.  I  am  completely  platform  agnostic.  I 
want  the  best  solution  for  the  given  situation.  Across  the  board, Vista  is 
the  superior  choice.  Period.” 

Wow.  I  think  he’s  serious.  Morley  continued:“The  Apple  ads  attacking 
Vista  are  laughable.  I’m  not  sure  how  the  FTC  allows  such  intentionally 
misleading  information.” 

Oh  come  on!  Microsoft’s  rabid  spin-meistering  with  the  ridiculous 
“Mojave  Experiment”  and  “Windows  is  cheaper  to  run  than  Linux”  cam¬ 
paign  weren’t  intentionally  misleading? 

Morley  concluded:“If  you  don’t  think  so,  take  a  peek  outside  of  your 
cage  and  I’ll  show  you  what  it’s  like  to  manage  a  real  network,  with  real 
users  from  coast  to  coast.  Viva  Vista!” 

Glen,  Glen,  Glen.  My  cage  is  covered  over.  Rather  like  a  parrot’s.  I 
am  not  allowed  out. 


Reader  Matthew  Schlawin  also  wrote  in:“I  always  look  forward  to 
reading ‘Backspin’ and  1  thoroughly  enjoyed  your  Aug.  25  column.  As  I 
was  reading  I  found  myself  nodding  and  agreeing  with  paragraph  after 
paragraph. Your  conclusion  was  dead-on.”  (I  like  this  guy) 

Schlawin  explained  he’s  not  at  all  excited  by  Vista:“I  am  the 
technology  director  of  a  small  high  school  (640  students)  and  we 
are  trying  as  hard  as  possible  to  avoid  Vista.  Our  hardware  will  not 
support  it,  our  peripherals  will  not  work,  and  we  would  really 
rather  not  put  in  yet  another  server  just  to  handle  licensing.  If 
Microsoft  could  have  only  given  me  just  one  feature  in  Vista  that 
would  make  upgrading  worthwhile.  (I  really  can  live  without  a 
spinning  cube!)” 

His  last  point  is  a  complaint  I’ve  heard  from  many  of  you.  Lots  of 
folks  say  the  “advances”  in  Vista  are  just  more  chrome. 

Schlawin’s  conclusion: “The  sad  thing  is  that  in  a  year  or  so  the 
new  hardware  we  buy  will  only  come  with  Vista  drivers.  When  they 
stop  making  XP  drivers  we  will  be  forced  to  upgrade.  I’m  hoping 
Windows  7  will  make  the  blue  pill  a  little  easier  to  swallow,  but  I’m 
not  holding  my  breath.” 

Here’s  the  problem:  We’ve  seen  that  Vista’s  resource  requirements  are 
far  greater  than  those  of  XR  which  means  that  many  organizations 
going  down  the  Vista  rabbit  hole  will  require  significant  investment.  We 
also  know  that  many  machines  that  were  quite  happily  running  Vista 
were  later  “broken”  by  the  installation  of  the  first  service  pack. 

To  me  this  doesn’t  sound  like  a  good  proposition  for  most  IT  shops, 
but  for  all  the  Matthews  there  are  also  a  lot  of  Glenns.  So,  let’s  find  out 
what  you  really  think  —  drop  a  note  to  vistasurvey@gibbs.com  and  I’ll 
report  the  findings  in  a  couple  of  weeks. 

Gibbs  is  happy  in  his  cage  in  Ventura,  Calif.  Send  a  note  through  the 
bars  at  backspin@gibbs.com. 
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In-flight  VoIP  no  mere  Flash  in  the  pan 

D 


elta  Airlines  recently  introduced  in¬ 
flight  wireless  Internet  access 
(www.nwdocfinder.com/6435).  Users 
aren’t  supposed  to  use  the  Aircell  service  for 
making  phone  calls,  and  apparently  the  sys¬ 
tem  blocks  VoIP  packets  (so  no  Skype).On 

COMPENDIUM  VoIP  Watch,  Andy  Abramson  reports  just  how 

easy  that  restriction  was  to  bypass  (www.nw 
docfinder.com/  6436).  He  called  an  acquain¬ 
tance  on  a  Delta  flight  through  a  service  called  Phweet  (www.nw 
docfinder.com/6437).  Abramson  writes: 

“I  invited  Joanna, she  replied  and  once  I  figured  out  how  to  get 
Phweet  to  answer  (I  had  to  use  Safari,  not  Firefox),  Joanna  and  I  were 
having  a  lovely  conversation  while  she  was  on  an  Aircell  flight.  1  don’t 
mean  a  5-second  hi,  hello.  I  mean,  a  real  conversation,  as  she  held  her 
Lenovo  UMPC  up  to  her  face.  I  even  heard  the  announcement  from 
the  flight  attendants  as  she  was  about  to  land. 

“Here’s  the  logic.  Flash  audio  is  embedded  inside  Flash.  Unless 
Aircell  wants  to  block  all  Flash  traffic,  this  is  the  way  to  talk.” 

More  fun  with  Boston's  subway  pass  readers 

Last  month,  the  Massachusetts  Bay  Transportation  Authority  sued 
some  MIT  students  to  keep  them  from  publicly  discussing  possible 
security  holes  in  the  system’s  pass  system  (www.nwdocfinder.com/ 
6438). 

A  blogger  who  goes  by  Zeroday  didn’t  have  to  do  anything  fancy  to 
find  another  problem  —  he  simply  tried  to  get  into  the  subway  one 
day  and  got  an  error  message  when  trying  to  use  his  pass.  He’s  posted 
a  photo  of  a  quasi-BSOD  on  a  subway  gate  at  a  Cambridge,  Mass., stop, 


featuring  a  Visual  C++  error  message.  Some  online  kibbitzers  in  Boston 
speculated  that  the  presence  of  the  sprintfO  function  in  the  error  mes¬ 
sage  meant  some  sloppy  programming:“The  C  sprintfO  function  is 
infamous  for  not  checking  the  length  of  the  buffer  it  is  writing  to 
(because  it  can’t). This  can  easily  cause  a  crash  or  memory  corrup¬ 
tion.”  See  Zeroday  s  photo  at  ww.nwdocfinder.com/6439  and  read 
some  comments  on  it  at  www.nwdocfinder.  com/6440. 

Shake  it  like  a  Polaroid  picture 

With  Polaroid  film  rapidly  disappearing,  fans  of  the  Polaroid  look  will 
have  to  resort  to  digital  trickery  Jon  Dyer  has  posted  a  simple  tem¬ 
plate  and  instructions  for  making  your  existing  photos  look  like  you 
had  to  wait  60  seconds  after  you  took  them. 

But  if  you  still  have  plenty  of  actual  Polaroid  film, “Microwaving 
the  Film”  is  for  you. Yes,  it’s  tips  for  getting  some  interesting  effects 
by  putting  your  Polaroid  images  in  a  microwave:  “After  the  micro- 
wave  is  finished,  look  at  the  film.  If  it  does  not  have  the  desired 
look,  add  2  seconds  to  the  cook  time  and  repeat  step  3.  Do  not 
exceed  10  seconds.” 

The  page  does  carry  this  important  safety  FAQ: “I  can’t  feel  my  legs. 
The  room  has  a  blue  tint  now, and  1  suspect  I  may  not  be  real. 

“You  have  inhaled  too  many  of  the  chemical  fumes  from  the 
microwave.  Find  the  talking  green  box  —  this  is  your  telephone.  Open 
its  mouth,  tickle  the  cow,  apply  the  sticky  orange  paste  to  the  third 
knob,  and  shout  ‘HELP!’This  will  summon  an  ambulance  and/or  a  suc¬ 
cession  of  clowns,  either  of  which  should  improve  your  situation.” 

Gaff  in  is  Network  World’s  online  executive  editor.  Catch  his  blog  at 
www.nwdocfinder.com/6443.  Paul  McNamara  returns  next  week. 
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STUFF 

HAPPENS. 


No  matter  where  you  are 
or  what  you’re  doing,  something  or 
someone  can  compromise  your  DNS. 
Be  the  first  to  know  about  your  domain 
or  email  problem,  especially  when 
your  business  depends  on  it. 

■1  DNSstuff.com 

CLICK.  CHECK.  RESOLVE. 


Alert  services  that  work  for  you 
24/7/365 

DNSalerts  (domain  monitoring) 
RBLalerts  (email  blacklist  monitoring) 

■  Put  our  alerts  to  the  test  -  FREE! 
Select:  Promo  Pack  |  Alert  Combo  2  month 
Coupon  code:  NWWALERT 


111®' 


Gather  all  your  information  in  one  place 
Add  your  smarts,  and  you've  got 


With  a  perfect  sightline  to  your  entire  IT  portfolio  of  assets,  services,  resources  and  projects,  it's  easy  to  be  right  about  a  lot. 
CA's  approach  to  supporting  IT  governance  empowers  you  to  make  decisions,  investments  and  trade-offs  that  are  spot  on. 
The  truth  is,  people  are  drawn  to  that  kind  of  business  savvy.  But  not  to  worry,  you'll  get  used  to  all  the  attention.  Eventually. 
To  learn  more,  download  the  latest  white  paper  at  ca.com/itg. 


CA  World  08:  November  16-20 
Register  at  caworld.com 
by  September  19  and  save  $200 
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